# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: gozi, isfb, dreambot, ursnif, TA551, shathak

# Reference: https://github.com/fideliscyber/indicators/blob/master/Blogs/New%20URSNIF%20Targeting%20Italy%20and%20US/url.csv

creatortherefore.cn
goinumder.su
goyanok.at
hothegivforsuffer.cn
hulivam.at
justiceseasfriends.cn
lopertopgo.su
mid100.at
nexpoo.at
noopex.at
outaplaceshave.cn
pergozip.at
therepalon.su
trepeatedandequal.cn

# Reference: https://www.forcepoint.com/blog/security-labs/many-faces-ursnif-email-hijacking-mailslots-and-insecure-servers

14ca1s5asc45.com
9qwe8q9w7asqw.com
asd5qwdqwe4qwe.com
d4q9d4qw9d4qw9d.com
dq9wq1wdq9wd1.com
dqowndqwnd.net
eq9we1qw1qw8.com
fqw4q8w4d1qw8.com
g98d4qwd4asd.com
gtqw5dgqw84.com
hhhasdnqwesdasd.com
hhjfffjsahsdbqwe.com
jjasdkeqnqweqwe.com
kkjkajsdjasdqwec.com
kkmmnnbbjasdhe.com
mmmnasdjhqweqwe.com
oiwerdnferqrwe.com
ooaisdjqiweqwe.com
oooiasndqjwenda.com
oooiawneqweasd.com
oqk4123613123.net
oyiyuarogonase.net
popopoqweneqw.com
ppoadajsqwenqw.com
ppoasdqnwesad.com
pqwoeasodiqwejes232.com
q5q1wdq41dqwd.com
qiwjesijdqweqs.com
qw6e54qwe54wq.com
qw8e78qw7e.com
qwd1q6w1dq6wd1.com
qwd1qw8d4q1wd.com
qwdohqwnduasndwjd212.com
qwe1q9we1qwe51.com
qwekasdqw8412.net
qweoiqwndqw.net
qwojdaisd1231.net
qwqw1e4qwe14we.com
qwqweqw4e1qwe.com
qwundqwjnd.net
r9qweq19w1dq.com
rqw1qwr8qwr.com
rrrradkqwdojnqwd.com
sdf5wer4wer.com
sdjqiweqwnesd.com
t8q79q8wdqw1d.com
tr8q4qwe41ewe.com
tttiweqwneasdqwe.com
uuasdjqwehnasd.com
uurty87e8rt7rt.com
uuyyhsdhasdbee.com
wdojqnwdwd.net
wdq9d5q18wd.com
yyjqnwejqnweqweq.com

# Reference: https://www.f-secure.com/v-descs/trojan_w32_ursnif.shtml

bergesoma.com
polinodara.com

# Reference: https://www.cert-pa.it/news?id=10536

werwaarogonase.net
fhjjndiasnew.net
axewansdownew.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1045682605662851073

d792jssk19usnskdxnsw.com
29uwuwousuw8wuwyuwie.com
ye8283yeiw283929wu2.com
h2812932937292sjshskz.com

# Reference: https://twitter.com/luc4m/status/1045671697268051968

h2812932937292sjshskz.com

# Reference: https://twitter.com/avman1995/status/1047018001810300928

382oiso10si8sowppdoiwpc.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1047414713850781697

/MXE/files/
/TOL/files/

# Reference: https://twitter.com/Bank_Security/status/1049640177361186818
# Reference: https://pastebin.com/mkMfAf9Z

avitoon.at
dicin.at
fofon.at
go10og.at
jimden.at
kaonok.at
kartop.at
twidix.at
tylron.at
mahono.cn

# Reference: https://twitter.com/ViriBack/status/1051565888212791296

hdiwuey872629hsgs18702837.com
k37aos82skd9nal92kamcdla.com

# Reference: https://twitter.com/mgiovamo/status/1051771811438964736

testmykickstarter.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1052469234159239168

37iwdmx103qlsmx.com
againstitudents.com
ey271psx8127301.com
woatinkwoo.com

# Reference: https://blog.minerva-labs.com/attackers-insert-themselves-into-the-email-conversation-to-spread-malware

nesocina.com
tapertoni.com
tenicoriv.com
onkoloper.com
nidersona.com
maxigozo.com
nasodirom.com

# Reference: https://twitter.com/Bank_Security/status/1055099888906702850
# Reference: https://pastebin.com/DYZhgSnH

33gourmetdelinyc.com
smallworld-parties.com
kapswholesale.com
aghapyfoodridgewood.com
810delicafe.com
ajisaijapanesenyc.com
jfklandscape.com

# Reference: https://www.nttsecurity.com/docs/librariesprovider3/default-document-library/jp_ursnif_20161226

i56a4c1dlzcdsohkwr.biz
66ssywiogjvwljaopw.com
reebovnenewbne001.com
neneeeenqwenene188.com
ceeoerunw10.com
echo.listentree.com
pop.lawadviceonline.org
licensecanadian.ru
arewithoutwarranty.xyz
thenotwithsoldsuequiv.ru
goglosmmosss.com

# Reference: https://blog.yoroi.company/research/ursnif-long-live-the-steganography/

pereloplatka.host
roiboutique.ru
uusisnfbfaa.xyz
nolavalt.icu
sendertips.ru

# Reference: https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features

baderson.com
mopscat.com
gorsedog.com
pintodoc.com
ropitana.com
pirenaso.com
papirosn.com
delcapen.com

# Reference: https://twitter.com/avman1995/status/1094181713121558529

qfelicialew.city
mzg4958lc.com
gxuxwnszau.band

# Reference: https://twitter.com/avman1995/status/1108760534894170113

insurancephotolive.xyz
nophotoinsecure.xyz
topolotonop.xyz

# Reference: https://twitter.com/avman1995/status/1108623779062861824

fnyah44.email
wrladoph.city
rsf58.city
subaldodd.email

# Reference: https://twitter.com/James_inthe_box/status/1109520290323693568

keepincomemoney.website

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Ursnif-6896385-0)

kkariannekatrina.company
f61leeii.com
qmitchelkp.com

# Reference: https://otx.alienvault.com/pulse/5c9a405e5645c8011c7030f3

blogger.scentasticyoga.com

# Reference: https://twitter.com/bomccss/status/1110997371188465664

sumeriun.com

# Reference: https://twitter.com/gorimpthon/status/1078159820371288064

thatconditions.online

# Reference: https://twitter.com/gorimpthon/status/1077498826934480896

theanyexppatent.online

# Reference: https://twitter.com/Sec_S_Owl/status/1084967201222717440

theincludingte.online

# Reference: https://twitter.com/58_158_177_102/status/1087514326607355904

freetoper.accountant

# Reference: https://twitter.com/AES256bit/status/1079582045439877121

tformlicensable.online

# Reference: https://twitter.com/gorimpthon/status/1078159820371288064

thatconditions.online

# Reference: https://twitter.com/gorimpthon/status/1077498826934480896

theanyexppatent.online

# Reference: https://twitter.com/AES256bit/status/1063113281441738752

cjwefomatt.com
dubbergergbb.com
ticrerfgiff.com

# Reference: https://twitter.com/bomccss/status/1103211371817197568

mopscat.com

# Reference: https://twitter.com/CybereasonJPSOC/status/940267086802063360

comanylimiteddocume.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113063803753684995
# Reference: https://app.any.run/tasks/223464af-a7be-454b-8f8f-2a8819bde8c1

posakloska.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113429156040196096
# Reference: https://app.any.run/tasks/22f1f4c3-0297-49a9-89a9-787eee944de9

adonis-medicine.at

# Reference: https://blog.yoroi.company/research/ursnif-the-latest-evolution-of-the-most-popular-banking-malware/

nuovalo.icu
nuovalo.site

# Reference: https://twitter.com/avman1995/status/1116271689057427456

lunchrappz.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117694292359819265
# Reference: https://app.any.run/tasks/ca845868-1bba-47ac-8fc5-cf3ba9b86b80

eloiyus.site
nuovalo.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1117711355363168256
# Reference: https://app.any.run/tasks/f6198a2a-e3c2-48dd-b1ab-dcd723770fd1

itschoolegz.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329
# Reference: https://pastebin.com/NqSBZYCd

npou82vb.info
xjustusia37.xyz

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Ursnif-6957672-0)

ciemona.top
fqwalfredoesheridan.info
vmelynaa.club
zwbaoeladiou.xyz

# Reference: https://twitter.com/bomccss/status/1125667764868247552

lidersonef.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1125746846335479808

b49ealsgrjf63w.info

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

sharktankdigestq.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126044178327191558

velissimilio.site
zxcvsdffffdsv.icu

# Reference: https://twitter.com/VirITeXplorer/status/1128936190311391233

jxfps21tjohnathon.xyz
ntyrique6024karlie.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304
# Reference: https://twitter.com/James_inthe_box/status/1130805489707520000
# Reference: https://pastebin.com/ZUKsE8FQ

r588uaacornell.info
tzdottopm.xyz
v22xscot.info

# Reference: https://twitter.com/SethKingHi/status/1131762896793268224

fbilly75.com
tcletuswi.top
vtaeladarius47.com

# Reference: https://twitter.com/sugimu_sec/status/1133293529025744896

newupdatindef.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1133327173467672581

loaidifds.club

# Reference: https://twitter.com/SethKingHi/status/1133565099577266176

dohilda.club
m49crod.info
mshaun24sidney.top

# Reference: https://twitter.com/sugimu_sec/status/1133714003455168512

aliooird.us

# Reference: https://twitter.com/sugimu_sec/status/1133716946967416835

doliurt.icu

# Reference: https://twitter.com/VirITeXplorer/status/1134009733705359360

clarrywillow.top
rueu5334.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1134039582729822209

office-365-cloud6-2.pw

# Reference: https://twitter.com/JAMESWT_MHT/status/1134373743634071557

sumvawe1s.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

tericks90.info

# Reference: https://pastebin.com/8AkBCP3p

cannamariecordell.com
hchyna985.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1135815803880820742
# Reference: https://twitter.com/sugimu_sec/status/1135818200455626752
# Reference: https://app.any.run/tasks/9a352314-04a9-4594-8d10-9f375b7cc2c3/

http://176.10.118.191
markeettit.club
markeettit.email
riehmconstruction.com
westseattlenailsalon.com

# Reference: https://twitter.com/58_158_177_102/status/1136164132279861248

paderson.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1136181780531294208

allspanawaystorage.net
extrastoragesandiego.com
searchstoragequote.com
usastoragenetwork.com

# Reference: https://twitter.com/VirITeXplorer/status/1136165811968716800

gopickupnow.com

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://twitter.com/VirITeXplorer/status/1136529259000995840

mmmtbsusanna.info
r52yoo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1136542388510441472

vduncanoo.club

# Reference: https://twitter.com/Racco42/status/1136991881626341377

blockshain.info

# Reference: https://twitter.com/sugimu_sec/status/1137987552097366016

iqqoiuetyd.club
niloiuyrt.info

# Reference: https://twitter.com/bomccss/status/1138620211140030464

marcoplfind.at

# Reference: https://twitter.com/Bank_Security/status/1138680380242968576
# Reference: https://pastebin.com/ut0fw5Ry

filomilalno.club
fileneopolo.online
reziki.online
reziki.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1138703768994758656

b64zwvi.top
mjoan95bn.info

# Reference: https://twitter.com/58_158_177_102/status/1140519789368098818

timenard.top
tupeska.top

# Reference: https://twitter.com/reecdeep/status/1140880338790617089

m6147keeganpw.info

# Reference: https://twitter.com/VirITeXplorer/status/1141597876432322560

dmurrayh52k.club
fconnieao.club

# Reference: https://twitter.com/sugimu_sec/status/1141618472612319232

iluuryeqa.info
ueba6ka.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1141636986912018432

jyoe91alverta.top

# Reference: https://twitter.com/James_inthe_box/status/1141788413697253376

fiho.at
audiobookjunkie.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1141969652656082944

imtbreds.com

# Reference: https://twitter.com/reecdeep/status/1142006559247097856

iluuryeqa.info

# Reference: https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html (Win.Malware.Ursnif-6995948-1)

capoverso.info
cyberplay.at

# Reference: https://twitter.com/killamjr/status/1143138622289391616

zuvwax.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1143483784605708291

sdelaneyuaclotilde.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1144155439598309376
# Reference: https://app.any.run/tasks/383c4c0a-e2f0-46d2-9688-27243cd17681/

n82burdette62.top

# Reference: https://twitter.com/reecdeep/status/1144156253075247104

fundoluyr.fund

# Reference: https://twitter.com/JAMESWT_MHT/status/1144154461759311872

mmontyireina.club
riul.xyz
s62mxcn.club

# Reference: https://twitter.com/sugimu_sec/status/1144180837526585344

48727711.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1145676603038605312

g69jylv.xyz
koe32dayton.com
woa79ewinfield.club

# Reference: https://twitter.com/VirITeXplorer/status/1145961294945771521

je28oy379.info

# Reference: https://twitter.com/p5yb34m/status/1146420354564280321

danforthdrugmart.ca
toolz22n5.info

# Reference: https://twitter.com/gorimpthon/status/1147099717693661185

pjr82milford.xyz
cio12y21e99.top
pp70guy53kevin.top

# Reference: https://twitter.com/luc4m/status/1148855879686656000
# Reference: https://pastebin.com/F24ifaDe

celvai.info
wlulua99reagan.info
wms533713juana.club

# Reference: https://github.com/stamparm/maltrail/pull/2869/commits/aef8355aa623f3a137aa885dd6b844b17115b371

cocoon1city.com
kolaandpepsi.com
lloydsbankdocs.com

# Reference: https://twitter.com/reecdeep/status/1151405327335743488

http://185.193.141.248/gs.php
fcamylleibrahim.top
viuecody.club

# Reference: https://twitter.com/sugimu_sec/status/1151491320956874754

qo34789g.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1152118722577993728

thebohuff.com

# Reference: https://twitter.com/VirITeXplorer/status/1152121710369546245

roza1beach.com

# Reference: https://twitter.com/VirITeXplorer/status/1152118727036588032

kolaawhatepsi.com
wyattspaintbody.com

# Reference: https://twitter.com/killamjr/status/1152235739679059969

jpearl26kacey.top
sdorthyyantonietta.top
cutaylorpascale.top

# Reference: https://twitter.com/0bfusCat/status/1153266712130859009

project-xxx1.biz

# Reference: https://twitter.com/P3pperP0tts/status/1154325581795696640

blaneymarquise.info
prnaajm83.club
rcamryny.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1154380971753529344

http://109.196.164.79/3.php

# Reference: https://twitter.com/58_158_177_102/status/1155753745486974976

irwhfgowe.xyz
newupprolods.club
riuytessl.xyz

# Reference: https://twitter.com/58_158_177_102/status/1155758187309436928

siurreje.xyz
aliiuyrt.xyz
aliiuyrt.space
newupprolods.fun

# Reference: https://twitter.com/Mesiagh/status/1156235282515025920
# Reference: https://pastebin.com/PYgnFqSU

c67562ukx.top
czgpoy30kane.xyz
zbmou8oa.top

# Reference: https://twitter.com/smica83/status/1156482263019872256

powerprivat.ru
trading-secrets.ru
vaslbnt.ru
intrade-support.at
intrade-support.ru
66.181.168.248:80

# Reference: https://twitter.com/reecdeep/status/1156538323206311936

q9676cassie.com

# Reference: https://twitter.com/reecdeep/status/1156813693872726017

d8021.club
pgtimelda97.top
w47cldemario.top

# Reference: https://twitter.com/killamjr/status/1159088302965833728

t10zulamgya.com

# Reference: https://twitter.com/Cybor_Tooth/status/1161683663840514050

zvaleriefs96.com

# Reference: https://twitter.com/killamjr/status/1161713701684174848

hoal9.com

# Reference: https://twitter.com/sugimu_sec/status/1163786238685401088

llooioloi.xyz

# Reference: https://twitter.com/sugimu_sec/status/1163813726962606081

newupprolods.club

# Reference: https://twitter.com/zuinmichele/status/1164088051418697729
# Reference: https://twitter.com/zuinmichele/status/1164088197485387776

asksuze.com
suze10n1.com
vregbqeg.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1164132237195063296

moneymindedmoms.com

# Reference: https://twitter.com/BompaniMarco/status/1164444291701313537

13287469.best
egiiuouy.club
newupprolods.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1164879244759113729

goarebecao.club
khgyurm.com

# Reference: https://twitter.com/killamjr/status/1164988661848510464

bsamnz.com
gjoannemajor.com

# Reference: https://twitter.com/luc4m/status/1165285566012907520
# Reference: https://pastebin.com/78khyf1y

waehaylieoumaximus.top
wtlverner.club
zjackyouoa.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1165999042180128770
# Reference: https://twitter.com/malware_traffic/status/1166090267767791616

b71t2012.xyz
jt23932.xyz

# Reference: https://twitter.com/sugimu_sec/status/1166005809001558016

mzy48domenico.com

# Reference: https://twitter.com/killamjr/status/1166347365235724288

k23ueugeniay.com
sizfjalenk51.com
v25brigittet.com

# Reference: https://twitter.com/killamjr/status/1166350012961435648

inmax.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1166610985106493443

sizfjalenk51.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166993754697453568

lyckapost.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1167048860327452677

qmiller.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1167442145231482880

essaycomplete.xyz
eroomia.com
zuoashlyc.com

# Reference: https://twitter.com/killamjr/status/1167513746689970178

ze5upyoybvc0yeke.com
zuoashlyc.com
x4fwben.xyz
rreynold77.club

# Reference: https://twitter.com/reecdeep/status/1168776666790944768

gfewvb6phuhcjy.com

# Reference: https://twitter.com/VirITeXplorer/status/1168797417417904128

xiviola30heber.xyz

# Reference: https://twitter.com/James_inthe_box/status/1168914983578755073

ciaraburkett.xyz

# Reference: https://twitter.com/gigafio/status/1168927448223932416

tanguear.it
hsz59c1evs1h30.com
x77unhucolten.com

# Reference: https://twitter.com/reecdeep/status/1168776666790944768

107gam.com
10bonusonline24.info
406lawyers.net
alicetheguru.com
atbstroy.com
harpbyrequest.com
litum.org
mesondelprincipe.com
miamicoffeebar.com
orangetheorymb.com
rosenstock.net
stat-football.com
zepcnc.com

# Reference: https://twitter.com/reecdeep/status/1169174309149061121
# Reference: https://app.any.run/tasks/816dc2bd-2f23-4d06-b16f-7f8e904059c7/

alloiudh.casa

# Reference: https://twitter.com/reecdeep/status/1169178088963543040

llaiuyeiv.xyz

# Reference: https://twitter.com/James_inthe_box/status/1169265148659261441
# Reference: https://pastebin.com/VyyyMUJa

d2h2e7azvio4e7sp.com
hateatate.xyz
tcolleen4463dn.com
v57zfvp.com

# Reference: https://twitter.com/notajungman/status/1169274359397199872

zbtgcvclwr3qoz7h.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169280410238562304

gl6063f3cc237zqm.com
kv4gfnj59y0r9q6l.com

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

pb128o6c2favwk.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169592043246690304

gbszciag8tgf2m.com

# Reference: https://twitter.com/Paladin3161/status/1169588648259411968
# Reference: https://pastebin.com/Z7YSad5d

fiho.at
inmax.at

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

f39fxnzeanabelle.xyz
sdscqgtm63mz1b.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1169899678453731329

bostonfrogpond.com/groups/tag.emf
neobootcamp.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1169936612769370112
# Reference: https://app.any.run/tasks/ff7fda21-ff34-4b9d-bae0-6588d0682e0e/

ty29lt.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1171034830143987712

w6948qzoila.xyz

# Reference: https://twitter.com/luc4m/status/1171721625043161092

ooakieyrc.xyz

# Reference: https://twitter.com/reecdeep/status/1172056906803924995

wantriopplos.xyz

# Reference: https://twitter.com/gigafio/status/1172481607334342657

tabibmadical.com

# Reference: https://twitter.com/VirITeXplorer/status/1173879933124448256

30082019.xyz
aliiuyrt.xyz
bateshkeeutgv.best
fileouya.xyz
leuzervllik.website
rezervoi300819.online
zelrvllik.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1175037824451665926

limitsno.at

# Reference: https://twitter.com/pancak3lullz/status/1175089086614462464

tkynyd710wiw.com

# Reference: https://twitter.com/pancak3lullz/status/1175081472945983490

gyttgod.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1176152753510473729

shvaiwq.com

# Reference: https://twitter.com/reecdeep/status/1176383004995923968

centalnana.com
the53augustine.com

# Reference: https://twitter.com/sugimu_sec/status/1176409540004200448

newupistebls.shop
UpdatelinkNew.cc

# Reference: https://twitter.com/Mesiagh/status/1176245402737135616

chiasun.xyz
eleanora.xyz
sweetlights.at

# Reference: https://twitter.com/reecdeep/status/1176743174133432322

skindnarog.com
twbaayoe.com

# Reference: https://twitter.com/reecdeep/status/1176754046352408578

asinaptali.com

# Reference: https://twitter.com/VirITeXplorer/status/1176764806344380416

utirierons.com
huminatacp.com
meartitalo.com
jmmeamafaldaannamae.xyz

# Reference: https://twitter.com/reecdeep/status/1176809589418975232

UplUpdkb21.pw

# Reference: https://twitter.com/JAMESWT_MHT/status/1177238068618846208

noteboockfix993.info
guiqkuoeelenor.top

# Reference: https://twitter.com/58_158_177_102/status/1178963613882601472

alister-mathmatics.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1179294188107653120

soatti2.com
x91aot53.club

# Reference: https://twitter.com/w3ndige/status/1179292167652679680
# Reference: https://app.any.run/tasks/ee7bf38d-c9ad-4ded-a236-10c54eae623c/

miooosooosos.xyz

# Reference: https://twitter.com/luc4m/status/1179351029726502912

lfdxf54ia.com
muucriogabe.com

# Reference: https://twitter.com/blu3_team/status/1179544056457768962
# Reference: https://app.any.run/tasks/e2cc76c0-0551-496f-8830-65b4a5de6077/

cornsholav.com

# Reference: https://twitter.com/VirITeXplorer/status/1179663290118615040

gonetplay.xyz

# Reference: https://twitter.com/dor0n1/status/1179663720974303232

doizvethea.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1179721642462851074

fornewinst0310.info
majavontehm.com

# Reference: https://twitter.com/w3ndige/status/1180003595921612805
# Reference: https://twitter.com/w3ndige/status/1180003598039683072
# Reference: https://app.any.run/tasks/2ce5a776-f5f9-4724-a652-ce6a08e5f268/

buismashallah.at
doollsllslaas.xyz

# Reference: https://twitter.com/James_inthe_box/status/1180124151320698880
# Reference: https://app.any.run/tasks/3ab547c6-d615-46f4-8a96-94ba4458d48f/

angiasatop.com
fumpregere.com

# Reference: https://twitter.com/bomccss/status/1180442530548076544
# Reference: https://app.any.run/tasks/b98c0ab1-0c9f-465c-83e2-c476ec4786c8/

limitsno.at
mashallah.at

# Reference: https://twitter.com/sugimu_sec/status/1181139013362544640

pianiilii.pw

# Reference: https://twitter.com/luc4m/status/1181158309845450752

aaxvkah7dudzoloq.onion
anumal-planet.at
weekends-estate.xyz

# Reference: https://twitter.com/sugimu_sec/status/1181195928469852160

newupistebls.online

# Reference: https://twitter.com/VirITeXplorer/status/1181244650432192513

finlllaio.club
finlllaio.host
finlllaio.space
zelrvllik.fun
30082019.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1181512884637114373

kenneyai.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1181466099252109313

atomoton.xyz
customwastereceptacles.com
enrichcollege.xyz
prodartsfans.com
suckpussycat.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1181515327223545857

laogxsc3377allison.club

# Reference: https://twitter.com/abuse_ch/status/1181521509971644416

reejosephiney.top
wr29shaniakobe.xyz
zkeaganarlie.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1181465402611777536

attorneyfd.com
corsoesq.info
enrichcollege.xyz
customwastereceptacles.com
national-industries.com
newplannersolutions.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1181833036478009345

hemamasandthepapasband.com
barradesalinas.com
proboxingfans.com
emilystravel1.com

# Reference: https://twitter.com/VirITeXplorer/status/1181850076857155584

finemineraldealers.co
forensicpursuit.info
proboxingfans.com

# Reference: https://twitter.com/reecdeep/status/1181851038753656833

alerihbfer.xyz

# Reference: https://twitter.com/reecdeep/status/1181854384101216257

newupistebls.shop

# Reference: https://twitter.com/JAMESWT_MHT/status/1181930891133804544

gacraze0710.com
t7763jykqeiy.com

# Reference: https://twitter.com/VirITeXplorer/status/1182185779860299776

adigitalteam.com
randyrash.xyz
theramones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182236944467714048

cartoons-online.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1182270410601222147

puylzmay.xyz

# Reference: https://twitter.com/sugimu_sec/status/1182284839061348352

c66845582aniyah.club
dcz35percy.top
tfernzq.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182552698459250689

deidrekreuz.com
newmillerhvac.com
samportal.com
skinrenaissanceclinic.net
spaceagemeat.xyz
sprintnetworksti.com
thekingofsoul.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1182560077070454786

vip-statistic.at

# Reference: https://twitter.com/James_inthe_box/status/1182682649753600000

tenusitidi.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1183647452353695745

bracesonpostcard.com
startdfy.com
yourpremiersmile.com
adultprizes.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1183639745726943232

carringtonit.xyz
thefuturesgame.biz

# Reference: https://twitter.com/w3ndige/status/1183799724979249152

jonkortyjjsas.xyz
seioodsoi.club
joskaejw.club

# Reference: https://twitter.com/w3ndige/status/1181989173458288640

chetropposdsa.xyz

# Reference: https://twitter.com/w3ndige/status/1181276348003864576

proposopsd.xyz

# Reference: https://twitter.com/reecdeep/status/1184023581455454209

raloautt.pro

# Reference: https://twitter.com/luc4m/status/1184049545833058304

livejunto.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1184120117929611265

qisqholden.com

# Reference: https://twitter.com/sugimu_sec/status/1184448482641240065

newupistebls.site
obolko.site

# Reference: https://pastebin.com/HLnQT4qy

votaritar.at

# Reference: https://twitter.com/abuse_ch/status/1184757198364258304

sjoanie52v3.com
wgersonioia.com

# Reference: https://www.sentinelone.com/blog/writing-malware-traffic-decrypters-for-isfb-ursnif/

bemiljqjohnpaul.com
jjasonbenedict.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1185078973614743552

sac-sofom.com
patinauniversity.net
northcarolinaforeclosuresforsale.com
jostensarlington.com
emilystravel1.com

# Reference: https://twitter.com/reecdeep/status/1186552161255280640
# Reference: https://twitter.com/reecdeep/status/1186572239006846976
# Reference: https://twitter.com/sugimu_sec/status/1189110803716165632

slalloim.host
slalloim.pw
slalloim.site
slalloim.space

# Reference: https://twitter.com/reecdeep/status/1186555095049211904

iehrbfoei.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1186556083927691264

wngtdpablo.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187274922588082176

issmalta.xyz
mrsvgnpwr.com
waszkovia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187319895685500928

nokatelinabe.top
r8566noahthea.com
wlnfermin.com

# Reference: https://twitter.com/killamjr/status/1187731670696378368

bullisworg.com

# Reference: https://twitter.com/killamjr/status/1187733046377754624

cy56emie.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187699534144651265

mqz8342lela.com

# Reference: https://twitter.com/Paladin3161/status/1187740438180061185

rexa.at

# Reference: https://twitter.com/sugimu_sec/status/1189113687711219712
# Reference: https://twitter.com/reecdeep/status/1191283783644917760

oeuhbfqw.xyz
oeurhbf.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1191280036273360896
# Reference: https://app.any.run/tasks/140d1cda-31c4-4151-9f88-cec83f2475a1/

chucelo.fun
chucelo.pw

# Reference: https://twitter.com/reecdeep/status/1191998519525224449

wensa.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417

lmikelnf.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1192029516543254528

intraders-support.at

# Reference: https://twitter.com/reecdeep/status/1192346259635539968

jscfgfuevx.com
t6kamillemoshe.com

# Reference: https://twitter.com/reecdeep/status/1192415305873670144

nazscklpaq.com

# Reference: https://twitter.com/reecdeep/status/1194557484867997696

eyrgfero.red
owuefoeu.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1194655073353240581

astacefaim.com

# Reference: https://twitter.com/luc4m/status/1194899996019171328

ghdy656262oe.com 
tnzf3380au.top 
xijamaalj.com

# Reference: https://twitter.com/reecdeep/status/1196363455772741632

reloffersstart.co

# Reference: https://twitter.com/reecdeep/status/1196408189643874304

mantoropols.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1196717243528298496

hivechannel3.com
myegy.club
teablitziloilo.xyz
thefork.info

# Reference: https://twitter.com/w3ndige/status/1196809536767700993

arethatour.icu
drunt.at
offupweekin.xyz
potronisl.xyz
seioodsoi.club

# Reference: https://twitter.com/matte_lodi/status/1197082261608452096

generalmusician.xyz

# Reference: https://pastebin.com/GbV8Vdzb

ahah100.at
one.ahah100.at
ahonpot.at
beemstop.at
casus.at
kastrop.at
rexa.at
targoo.at
unomal.at
votaritar.at
wensa.at

# Reference: https://twitter.com/malware_traffic/status/1197562166309724166

185.118.165.109:443
45.132.19.167:80
k55gaisi.com
n9maryjanef.com

# Reference: https://twitter.com/nao_sec/status/1198613811277598720

platonusklakiusojw.xyz

# Reference: https://twitter.com/sugimu_sec/status/1198889984876408833

padareova.fun
toloadname.xyz

# Reference: https://twitter.com/sugimu_sec/status/1198885293715156992

booksale.red
guatemal.xyz
hummercarss.com
nsdaqos.pw
randomord.com
reoomavo.fun
skrollinu.xyz
steercos.pw
wessell.pw

# Reference: https://twitter.com/malware_traffic/status/1199082282033778693

s82dortha27r.top

# Reference: https://twitter.com/reecdeep/status/1199227801980882944

disecliear.com

# Reference: https://twitter.com/reecdeep/status/1199236030676770816

qyr78wfya85.top

# Reference: https://twitter.com/reecdeep/status/1199247687738109952

iristwaica.com

# Reference: https://twitter.com/reecdeep/status/1199250532231208960

gogaritons.com

# Reference: https://twitter.com/reecdeep/status/1199600932369108992

fjavieryvette94.com
thantifick.com

# Reference: https://twitter.com/James_inthe_box/status/1199725721989443584

fulldin.at

# Reference: https://twitter.com/0xSirDom/status/1200398273476997120

addloanalao.xyz
doorlooplsit.xyz
goodpanelselinum.xyz
laodonaln.xyz
philippeschellekens.com
skamulinus.xyz
stamperistm.com

# Reference: https://twitter.com/nao_sec/status/1201128853055213571
# Reference: https://app.any.run/tasks/e38e7b50-0dd6-403d-b591-4159be2cb33e/

llohumas.today

# Reference: https://twitter.com/reecdeep/status/1201448424064856064

newsitalybiz.club

# Reference: https://twitter.com/sugimu_sec/status/1201505212814569472
# Reference: https://twitter.com/sugimu_sec/status/1201431470893436929

agenziadelleentr.pw
armanidesk.xyz
asistenzaonliine.com
asistenzaonline.pw
asistenzaonlinu.red
genzleentr.host
helpabout.pw
newsitalybiz.club
readmebook.fun
redxyzred.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1201896387471978497

aforattren.com

# Reference: https://twitter.com/reecdeep/status/1201786601078185984

w83v45ws.com

# Reference: https://any.run/malware-trends/ursnif (Note: as seen on 2019-12-04)

wensa.at
fulldin.at
ahah100.at
spiritualdreamsdecoder.com
embracethechill.com
furbuddyz.com
wellswise.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202159145975238657

digoedani.xyz
legacymodsquad.xyz
penrithrivercafe.com
robsitbon.net

# Reference: https://app.any.run/tasks/20bdf9c8-e914-401e-b7b8-7d1a970de5ae/

popuribart.com

# Reference: https://twitter.com/jcarndt/status/1202224056659038210

trayeantir.com

# Reference: https://twitter.com/fr3dhk/status/1202283961881370624

bjanicki.com

# Reference: https://twitter.com/pancak3lullz/status/1202331586324123648

aermewerog.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202588193843032065

azonpowerpick.xyz
wanderunderwater.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1202590541248188416

balanceonwater.com

# Reference: https://pastebin.com/9eq0JJkz

penrithrivercafe.com

# Reference: https://twitter.com/reecdeep/status/1203960845413294080
# Reference: https://twitter.com/sugimu_sec/status/1203960241773113344

abrakam.site
hiteronak.icu
makretplaise.xyz
marvellstudio.online
sdkscontrol.pw
sutsyiekha.casa
ublaznze.online
udatapost.red

# Reference: https://twitter.com/sugimu_sec/status/1203964696623112194

laddloanalao.xyz

# Reference: https://twitter.com/sugimu_sec/status/1204335451990945792

sutsyiekha.casa

# Reference: https://twitter.com/luc4m/status/1204095111568805889

jhrevawef.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1204665342863253504

customerspick.com
hintdeals.com
sscupace.xyz

# Reference: https://twitter.com/reecdeep/status/1206497364351033344

abrakam.site
agenziadelleentrate.site
hiteronak.icu
holikokooo.com
mictosofts.com
qartabeers.com
teslaoilcar.com
ublaznze.online

# Reference: https://twitter.com/sugimu_sec/status/1206502975763431424

eioeruhgirbe.xyz

# Reference: https://twitter.com/reecdeep/status/1206527095452700673

eioeruhgirbe.pw

# Reference: https://twitter.com/matte_lodi/status/1206861746322968576

chloroz.xyz
tripuruguay.info

# Reference: https://twitter.com/sugimu_sec/status/1207139952334524419

vestcheasy.com

# Reference: https://twitter.com/sugimu_sec/status/1207244889559191553
# Reference: https://twitter.com/JAMESWT_MHT/status/1207247283328303105

desaidles.fun
desaidles2.fun
furmul2aso.com
furmulaso.com
ge1dmond.info
gedmond.info
gedmond.pro
gedmond0.pro
kolonimalosi.pw
kolonimalosi8.pw
new1discoveries1.com
newdiscoveries.com
newsaplicamento.surf
newsaplicamento2.surf
ohfebveub.fun
ohfebveub.xyz
zal6etuf.pro
zaletuf.pro

# Reference: https://twitter.com/malware_traffic/status/1207779656998498304

axelerode.club
brinchik.xyz
lovely-honey.club
onionpie.at
sweetlights.at
vbsdh1kjd.online

# Reference: https://twitter.com/malware_traffic/status/1208205022925860865

impedignaw.com

# Reference: https://pastebin.com/NaAgYa42

estate-advice.at
thefreshstuffs.mu

# Reference: https://twitter.com/luc4m/status/1214968509232549894

domnfrayder.site
llohumas.today
llosmoder.adygeya.su
mirroriles.adygeya.su
simferopoliulike.space
simlleratio.today
slalomdrivevrsto.today

# Reference: https://twitter.com/JAMESWT_MHT/status/1215201598642835456
# Reference: https://app.any.run/tasks/2d12799d-7ab5-47d9-a6e0-06c32e7315da/

calag.at

# Reference: https://www.fireeye.com/blog/threat-research/2020/01/saigon-mysterious-ursnif-fork.html
# Reference: https://otx.alienvault.com/pulse/5e176bed2647907c1efb1621

cdn-digicert-i31.com
cdn-gmail-us.com
cdn-google-eu.com
cdn-mozilla-sn45.com
google-download.com
mozilla-yahoo.com
securecloudbase.com
setworldtime.com
softcloudstore.com

# Reference: https://twitter.com/nao_sec/status/1216385095277219841
# Reference: https://app.any.run/tasks/8844703d-676b-415f-bf9c-83e7f507336a/

docdoccountry.agency
kilogrammund.adygeya.su

# Reference: https://twitter.com/nao_sec/status/1218051679779606529
# Reference: https://app.any.run/tasks/c1cdf8ec-0903-456c-b3bf-17f23ec61766/

boartdsdf.today
datrtkonnect.today
drupplasduemonet.today
financeleving.today
iittemgoodsg.today
klaaasdumnim.today
lohuanusiams.today
shumaherosjhlf.today
spektrumasd.agency
wyckysodary.today

# Reference: https://twitter.com/JAMESWT_MHT/status/1218099872143941638
# Reference: https://app.any.run/tasks/61bcfc59-a710-4181-b816-b8b21a42c558/

beadventure.us
institutionalknowledgemanagement.com
ivorycell.net
monalisapizzeriasi.com
philippeschellekens.com
understudyknowledge.com

# Reference: https://twitter.com/malware_traffic/status/1219804448349966336

emblareppy.com
limpopo.at
n60peablo.com
nk47yicbnnsi.com
pzhmnbargurite4819.com

# Reference: https://twitter.com/reecdeep/status/1219957440269180928

ftevinpgreta.com

# Reference: https://urlhaus.abuse.ch/browse/tag/Gozi/

asodergina.com
cuinangila.com
emblareppy.com
godeageaux.com
gutasiergo.com
gutasiergo1.com
jadityaieelyse.com
legouscuma.com
r69ioaylabrooklyn.com
rieseenchs.com
shlerlashu.com
swaloordot.com
vinalpapel.com
xpnidellashane.com
z99jeaebony.com

# Reference: https://twitter.com/luc4m/status/1220274548488265733

ey7kuuklgieop2pq.onion
living-start.at
news-deck.at
taslks.at

# Reference: https://app.any.run/tasks/70807bc4-b30a-4b53-8c3f-0b03214f9fd1/

pzhmnbarguerite4819.com
ergyeevlwtgourtney66f.com
n60peablo.com

# Reference: https://twitter.com/reecdeep/status/1220373843375722501

rheracstar.com
puminsceft.com
happopaess.com
ddeneaungy.com
wagoatilby.com
winserver-cdn.at

# Reference: https://app.any.run/tasks/f97034b0-943b-42db-8328-33cd15be4494/

bpzhmarguemrite4819z.com

# Reference: https://twitter.com/reecdeep/status/1220374457505787906
# Reference: https://app.any.run/tasks/b5149816-3148-421a-a165-572d0694a0c0/

dithomatos.com

# Reference: https://twitter.com/reecdeep/status/1220630563247337473

fampraffer.com
g53uuxexm.com
kekbobbie.com

# Reference: https://app.any.run/tasks/db0afa40-8b60-4300-ac83-93301d1710e1/

mimeaniega.com

# Reference: https://twitter.com/reecdeep/status/1220637814519402496

swloovrxcwzholden.com

# Reference: https://twitter.com/malware_traffic/status/1220531434865283072

bn60pabmloz.com
mk47ymmmcsi.com
nguyendungcosmetics.com
terersepal.com

# Reference: https://twitter.com/Bl4ng3l/status/1220629376536055808

mrcsecure.ru
secureccvip.ru

# Reference: https://twitter.com/malware_traffic/status/1220847700846968833

jottnistic.com
t199447q.com

# Reference: https://www.virustotal.com/gui/ip-address/95.181.198.151/relations
# Reference: https://any.run/report/1800822b3e467eba73278f94f26291942497c31267fe8111bc55e845d17454e2/242a8158-ba6e-4b5f-95ae-0f7bd1f80ca1

cnicaliasi.com
dampfelang.com
sfectervie.com
wonnesende.com

# Reference: https://twitter.com/reecdeep/status/1222066336672702464

logrichasi.com

# Reference: https://app.any.run/tasks/45ee09de-b199-4216-8a29-3c73c47b8b98/

drzjqkpjd34.com

# Reference: https://twitter.com/sugimu_sec/status/1222084797796777984

agenziadellentrate.space
wodce2020.xyz

# Reference: https://twitter.com/sugimu_sec/status/1222081060789317632

desaidles.fun
hammersummer.com
kolonimalosi.pw
legogogogo.pro
zaletuf.pro

# Reference: https://twitter.com/sugimu_sec/status/1222086450096640001

qsxw2020.xyz

# Reference: https://twitter.com/reecdeep/status/1222195271066583041

tahhir.at

# Reference: https://app.any.run/tasks/f73a7192-488d-4756-9f5d-a6b9f67e1b11/

boezl40.com
toblatcous.com

# Reference: https://pastebin.com/raw/3mpyeQPx

jbgool.at

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

h33a7jzovxp2dxfg.onion

# Reference: https://twitter.com/James_inthe_box/status/1122988160223305730

aaxvkah7dudzoloq.onion
alfa-sentavra.at
anti-doping.at
miska-server.at

# Reference: https://twitter.com/benkow_/status/1147443642728103936

jm2g6cyszkutaurp.onion
inferno-girls.at
regeneration-data.at

# Reference: https://twitter.com/58_158_177_102/status/1150932578062352384

bibicity.ru
marcoplfind.at

# Reference: https://twitter.com/w3ndige/status/1192828465407500288

cxzko43pnr7ujnte.onion
freshness-girls.at
greenedus.com
intraders-support.at
salesforcelead.com

# Reference: https://twitter.com/w3ndige/status/1183799724979249152

ey7kuuklgieop2pq.onion
shoshanna.at
maiamirainy.at
ujaioep.website

# Reference: https://twitter.com/w3ndige/status/1198984590427340800

arethatour.icu
drunt.at
ey7kuuklgieop2pq.onion
finogorosod.xyz
maiamirainy.at
seioodsoi.club

# Reference: https://twitter.com/reecdeep/status/1199633624158679041

colordrawyx.xyz

# Reference: https://twitter.com/w3ndige/status/1201531023466610688

news-deck.at
ponimuliosdop.xyz

# Reference: https://twitter.com/w3ndige/status/1201902091100397569

elseweofferthas.co
tuesyuioodpps.xyz

# Reference: https://twitter.com/James_inthe_box/status/1207993350856380417
# Reference: https://pastebin.com/DXHpmjX0

buddy-calc.at

# Reference: https://www.certego.net/it/news/malware-tales-dreambot/

qjdyugisselle.club

# Reference: https://app.any.run/tasks/45ee09de-b199-4216-8a29-3c73c47b8b98/

drzjqkpjd34.com

# Reference: https://app.any.run/tasks/4dc52007-410d-4666-aa69-1d4da5f7b66e/

wodce2020.xyz

# Reference: https://twitter.com/benkow_/status/1221862063888314368
# Reference: https://www.virustotal.com/gui/file/2a6fef0ef37de199270eb697e42816608a2dac6e3505e71ca4e3bfd11f819def/detection
# Reference: https://www.virustotal.com/gui/ip-address/34.240.96.52/relations

34.240.96.52:80

# Reference: https://www.secureworks.com/research/gozi

/cgi-bin/certs.cgi

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy:Win32/Ursnif.gen!F

/system/prinimalka.py/forms
/system/prinimalka.py/options
/system/prinimalka.py/command

# Reference: https://ae.norton.com/security_response/print_writeup.jsp?docid=2009-060121-0427-99

/cgi-bin/trash.py

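# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2009-January/001818.html (Note: path-only entries with no host; generic script names such as these may also appear on unrelated sites, so corroborate a hit with other indicators)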

/cgi-bin/pstore.cgi
/cgi-bin/forms.cgi
/cgi-bin/ss.cgi

# Reference: https://marc.info/?l=emerging-sigs&m=135206981711334&w=2

assisback.com

# Reference: https://twitter.com/VK_Intel/status/1045830804545298434
# Reference: https://pastebin.com/cDz5dvMx

aporen.at
dreemkol.at
freemon.at
ioptool.at
leproeg.at
mahono.cn
matr.at
nytronex.at
twidix.at
umpalok.at
upcu100.at
zicino.at

# Reference: https://www.vkremez.com/2018/08/lets-learn-in-depth-reversing-of-recent.html

cdrome.at
galio.at
harent.cn
ledal.at
lottos.at
popdel.at
robatop.at
tohio.at
torafy.cn
yraco.cn
4fsq3wnmms6xqybt.onion
em2eddryi6ptkcnh.onion
nap7zb4gtnzwmxsv.onion
t7yz3cihrrzalznq.onion

# Reference: https://twitter.com/campuscodi/status/1039531511144431616
# Reference: https://marcoramilli.blogspot.com/2018/08/hacking-hacker-stopping-big-botnet.html

1000numbers.com
batterygator.com
englandlistings.com
gardenforyou.org
pomidom.com
jfklandscape.com
thefutureiskids.com
romanikustop.space
securitytransit.site
sssloop.host
sssloop.space
upsvarizones.space

# Reference: https://twitter.com/VK_Intel/status/1047033551957504003
# Reference: https://pastebin.com/aMgJJc5D

doriton.at
ledalco.at
letosos.at
musicdance.at
patrons.at
relonter.at
rendes.at
strikeapple.at

# Reference: https://twitter.com/VK_Intel/status/1048068456082432000

loadbirthdaymoveproper1x4v.com

# Reference: https://twitter.com/VK_Intel/status/1105578215605764096

polkanidog.website

# Reference: https://twitter.com/VK_Intel/status/1072254720755068928

akamaicln.com
aplatmesse.com
nowerdleat.com
touggledle.com

# Reference: https://twitter.com/VK_Intel/status/1048068456082432000

loadbirthdaymoveproper1x4v.com

# Reference: https://twitter.com/VK_Intel/status/1017946476389888000

cojnqwjenqwe.com
woudausdnw.com

# Reference: https://twitter.com/Racco42/status/1102896181011795969

/about/conservative.php

# Reference: https://twitter.com/abuse_ch/status/1072117868555366400

black-transsexual-hardcore.com

# Reference: https://twitter.com/James_inthe_box/status/1109090277380116480

investingfutureram.ac.ug

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
beetfeetlife.bit
rivier.at

# Reference: https://twitter.com/makflwana/status/1037120013574914048

aclassshades.net

# Reference: https://twitter.com/makflwana/status/1034320489500401664

aclassshades.com

# Reference: https://twitter.com/makflwana/status/1033935638830010368

basedplants.net

# Reference: https://twitter.com/VK_Intel/status/1114477236890083329

t97uoquintengbnia.company
koo89iiignatius.com
s45ooallison.com

# Reference: https://twitter.com/VK_Intel/status/1118143457292320769

ptl8sb.xyz
jrosinaiabbigail.com
xdanialsx.info

# Reference: https://twitter.com/VK_Intel/status/1123398721222402049

ericsgamesz.com

# Reference: https://twitter.com/VK_Intel/status/1124055499513696258

sharktankdigestq.com

# Reference: https://twitter.com/VK_Intel/status/1124400215165997056
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-05-03-gozi-isfb-v3-signed-vk.misp.csv
# Reference: https://twitter.com/VK_Intel/status/1134211079553388547

ch12ozoo.com

# Reference: https://twitter.com/VK_Intel/status/1123015463515115522
# Reference: https://pastebin.com/0yXa5Lqg

aaxvkah7dudzoloq.onion
alfa-sentavra.at
anti-doping.at
miska-server.at
classpana.host

# Reference: https://twitter.com/VK_Intel/status/1134600583065853953

tericks90.info

# Reference: https://twitter.com/VK_Intel/status/1142287900836601856

kusasukusa.com

# Reference: https://twitter.com/VK_Intel/status/1142517721109803009

jigalon.com

# Reference: https://twitter.com/VK_Intel/status/1143985084099420160

lolaamorza.com

# Reference: https://twitter.com/VK_Intel/status/1145235372944822273

asdcat.com

# Reference: https://twitter.com/VK_Intel/status/1146311735072215041

orzamorza.com

# Reference: https://twitter.com/kyleehmke/status/1145688670743224322

simkaart-veilig.com
veilig-simkaart.com

# Reference: https://twitter.com/reecdeep/status/1146698386319560704

xmagnoliarhoda.top

# Reference: https://twitter.com/blackorbird/status/1146688979908976642

mmrihe.xyz

# Reference: https://twitter.com/VK_Intel/status/1147229146126475264

jokerlol.com

# Reference: https://twitter.com/reecdeep/status/1148484499245817856

http://185.139.69.177/si.php
xpiperae94xw.com

# Reference: https://twitter.com/sS55752750/status/1151134247299588097

49.88.112.70:34172

# Reference: https://twitter.com/Paladin3161/status/1152003576807346177

narutik.at
pranahat.at

# Reference: https://twitter.com/VK_Intel/status/1154121098012844033

whatpepsi.com

# Reference: https://twitter.com/VK_Intel/status/1157692747475836928

morkamora.com

# Reference: https://twitter.com/VK_Intel/status/1162049529581047812

centuryboxing.xyz

# Reference: https://twitter.com/daphiel/status/1132986879895318528

nickburkholder.pw

# Reference: https://twitter.com/VK_Intel/status/1164189047218147329

wai177iowjedidiah.xyz

# Reference: https://twitter.com/VK_Intel/status/1167150071537909762

lyckapost.xyz

# Reference: https://twitter.com/VK_Intel/status/1167513152424165377

essaycomplete.xyz

# Reference: https://twitter.com/Paladin3161/status/1169920724737261568

zurichwhispers.com

# Reference: https://twitter.com/VK_Intel/status/1172601031605272576

urgentmouse.xyz

# Reference: https://twitter.com/VK_Intel/status/1172646711879032832

hanakahuna.xyz

# Reference: https://twitter.com/VK_Intel/status/1173479653723508741

yourampdlife.xyz

# Reference: https://twitter.com/VK_Intel/status/1174353167414378497

bombinet.xyz

# Reference: https://otx.alienvault.com/pulse/5d88b195e7e1652651a6aa05

brciy29o.com
ckvhss79yo87u.com
dkeagan23uiart.info
dnv9619cathy.xyz
esek412782.com
faayjasperoln.top
fea820q.info
fgbbonnie.top
fuin54baby.com
g59darlenedereck.com
h28qiay.club
j6793yojewell.club
nuiuei15norbert.com
r96hfhardyee5.com
tie12christopher30.info
twr84ue.com
zy19oeya.xyz

# Reference: https://twitter.com/VK_Intel/status/1183632661300027392

studiosrm.xyz

# Reference: https://twitter.com/jcarndt/status/1184512273412493312

koenealack.com

# Reference: https://twitter.com/reecdeep/status/1184732718371876864

nvoaeicweston.com
onivallort.com

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html (# Win.Packed.Gozi-7329531-0)
# Reference: https://www.virustotal.com/gui/file/0003b0a5bfd7488160015e4e0e81e2d2a61ea5f5db53cabd9b4a404be8412250/detection

frame303.at
api.frame303.at

# Reference: https://twitter.com/abuse_ch/status/1195283758414479363

z39bldfq.com

# Reference: https://twitter.com/James_inthe_box/status/1213080091439161347

securecc.ru

# Reference: https://twitter.com/malware_traffic/status/1214520928773853184

ccsecure.ru

# Reference: https://twitter.com/reecdeep/status/1223341509300424709

needforbestpropouse.xyz

# Reference: https://twitter.com/reecdeep/status/1224620543632125952

romaitaliacommerciale.site
milanoofficialfatt.online
barifattonumero.pw
officebuysell.pro

# Reference: https://twitter.com/reecdeep/status/1224623242360565763

2020lhjfhf.xyz
2020lplm.xyz

# Reference: https://www.virustotal.com/gui/domain/roiboypoka.ru/relations
# Reference: https://twitter.com/reecdeep/status/1224661920680157185

roiboypo.ru
roiboypok.ru
roiboypog.ru
roiboypoka.ru

# Reference: https://www.virustotal.com/gui/ip-address/79.124.89.241/relations

cloud-start.at
dossecure.ru
everydayparty.xyz
thefreshstuff.at

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

adonis-medicine.at
americanexpresscprs.at
carforklou.at
cloud-start.at
dioarmmonoder.at
fitalyaka-service.at
genesisgrandergh.at
intrade-support.at
marcoplfind.at
miska-server.at
regeneration-data.at
thefreshstuff.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1225064419790589952
# Reference: https://app.any.run/tasks/6021c4bb-88a2-447d-b29c-8265765483e5/

goose-mongoose.at
roiboypoleno.ru

# Reference: https://twitter.com/reecdeep/status/1227136074822115328

llh23.com
lcdixieeoe.com
vpnderrick.com
wv01gwbrgs.com

# Reference: https://twitter.com/reecdeep/status/1227521698037223424

mailnofattndel.vip
aziendaitalymail.online
fatturamentolaniasicilia.website
softwaremicrosoft.red
hiteronak.icu
abrakam.site

# Reference: https://app.any.run/tasks/64825b57-2762-4a94-91ed-90b385bc338b/

40.74.35.71:80

# Reference: https://twitter.com/Bl4ng3l/status/1228329084347920385

allage.at
aromun.at
beetfo.at
dianer.at
iomal.at
lapenik.at
6buzj3jmnvrak4lh.onion
g4xp7aanksu6qgci.onion
l35sr5h5jl7xrh2q.onion

# Reference: https://twitter.com/VirITeXplorer/status/1229697387800616965
# Reference: https://twitter.com/VirITeXplorer/status/1229698314922315776

banksesiqueira.xyz
dungdoptiop.xyz

# Reference: https://twitter.com/reecdeep/status/1230033500612505603

businessknowledgetransfer.com
ulovesaving.com
mandyenando.xyz
stilthousebeer.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1230032577425281024

bomoer.co.uk

# Reference: https://twitter.com/reecdeep/status/1230075428527910913

litmanses.at

# Reference: https://twitter.com/reecdeep/status/1230160762963988482

6vcatkjlim35nscu.onion
regutalor-stat.at
winserver-cdn.at

# Reference: https://twitter.com/reecdeep/status/1230407172686827521

ali-express1.at

# Reference: https://twitter.com/VK_Intel/status/1231451249486290944

mandyenando.xyz
stilthousebeer.xyz

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23, Ursnif)

digifriendste.com
dobaserdo.com
hiteronak.icu
holoderyttonten.website
llohumas.today
marryscristmasssanta.website
ohfebveub.xyz
skamulinus.xyz
warryotrisjmsolvlmsf.website

# Reference: https://twitter.com/reecdeep/status/1231848276812615680

link.paichecafe.com

# Reference: https://twitter.com/reecdeep/status/1231896971193069568

megpagamil.pw
megpagamilmegpagamil.xyz

# Reference: https://twitter.com/reecdeep/status/1231878352883134465

fatturapagamentodi.pw
odelpagamentorome.site
samementolaniasicilia.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1231944849533829125

fragrancewipes.com

# Reference: https://twitter.com/reecdeep/status/1231955240150278144

co.ncte-india.org.in

# Reference: https://twitter.com/prsecurity_/status/1231781712742404096

http://162.213.253.229

# Reference: https://twitter.com/malware_traffic/status/1232765858910527491
# Reference: https://app.any.run/tasks/2095164e-0684-4036-8a46-aa427eac5268/

mnogonimalo.ru

# Reference: https://twitter.com/reecdeep/status/1232951783854661632

appbaripagamento.pw
fatturanewpagamentodiversi.pw
pagamentodimilanotobari.fun

# Reference: https://app.any.run/tasks/733e1200-e3e3-4d6b-a0c9-504874c58b86/

embroiderco.info

# Reference: https://twitter.com/VK_Intel/status/1233430069152026626

litelicense.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1123206109421027329

jbfd8699nia.com
wadameee.club

# Reference: https://twitter.com/x42x5a/status/1114468129327984640

westeast.world

# Reference: https://twitter.com/malware_traffic/status/1234637023971024896
# Reference: https://app.any.run/tasks/5cb7e507-da2e-4feb-90c5-7211a2187451/

olivebranchmissionarybaptistchurch.org
start.olivebranchmissionarybaptistchurch.org

# Reference: https://twitter.com/luc4m/status/1234903113166802944

alistherdata.at

# Reference: https://twitter.com/reecdeep/status/1234847737532821504

lissavets.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1235527459824521216
# Reference: https://app.any.run/tasks/51556172-5f30-43f8-8501-2fdb9f4714af/

marquettburton.com
get.marquettburton.com

# Reference: https://twitter.com/reecdeep/status/1235639226567454721

cdn-cloud.at
i3r01ls5rua.com

# Reference: https://twitter.com/MSteve25/status/1235597615737319429

mt8qe6yrbd6.com
vefp242hbai.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1236966723410108416

italycovid-19.site
recoverrryasitalycovid-19.xyz
stornocovid-19.pw

# Reference: https://twitter.com/reecdeep/status/1236945237404196864

italycovid.site
stornocovid.pw
recoverrryasitalycovid.xyz

# Reference: https://twitter.com/D3LabIT/status/1236947913453993984

periufge.xyz

# Reference: https://twitter.com/reecdeep/status/1236974596487774208

asistenon.xyz
asistenzaonline.xyz
febbrarioferraro.pw
marrzioolio.casa
pizdelko.xyz

# Reference: https://twitter.com/nao_sec/status/1237046081512300544
# Reference: https://app.any.run/tasks/30763803-fe7a-4da1-8152-330e115111ff/

buchxuchsd.agency
bumbelbeed.agency
chevroletd.agency
cypryccsg.today
jeepcherhsd.agency
klivierlerthlf.today
krosfiticd.agency
loassrery.today
luhndfchsd.agency
phukeemonet.today
pokevboiving.today
pontiaxkect.today
prosprberrysd.agency
rspberrytd.agency
ruffsdf.today
rufinursd.agency
seamseamnim.today
stopcfams.today
stroganod.agency
strongerhsd.agency
yaichkihsd.agency

# Reference: https://twitter.com/VK_Intel/status/1237256944538333184

milos.hostelbobi.com

# Reference: https://twitter.com/reecdeep/status/1237391646934708227

gwc1qur.com
zsxzfgg.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237387643194724352

wex-notdead.ru

# Reference: https://urlhaus.abuse.ch/browse/tag/Gozi/

bghqyf1.com
dvt553ldkg.com
f200rotcl2.com
fal6qo3f68.com
fukbeegh4.com
g4057ewrgyhqy.com
gs11fd5.com
kmqdagp70r.com
knuymon.com
ku3rgq4.com
nvdvdgp.com
qr12s8ygy1.com
wv01gwbrgs.com
z4v1qth.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237396282718572551

v3wkdzd.com

# Reference: https://twitter.com/malwrhunterteam/status/1237434259553562624

primankanamanky.ru

# Reference: https://twitter.com/VirITeXplorer/status/1237655433617330176

kotbikes.xyz
mlzange.com

# Reference: https://twitter.com/VirITeXplorer/status/1237662195174998016

imhappyabout.xyz
localjobsph.xyz

# Reference: https://twitter.com/reecdeep/status/1237671965705613312

simpleboatcover.com
seokudos.com
sweetmatchup.com
lcyaolu.com
mister-al.com
elkarmacompound.com
ihatestarbucks.com
msstolemybrain.com
imebooksgiveaway.com
freesubmissiondirectoryy.com
wishnwish.com
5continentsproperty.com
travelconfidently.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1237686282970697728

eyerockphotography.net

# Reference: https://twitter.com/reecdeep/status/1237679921545306112

q9gee3f1.com

# Reference: https://twitter.com/Bl4ng3l/status/1237680913443684352

wherefreestylelives.com
details.wherefreestylelives.com

# Reference: https://twitter.com/VirITeXplorer/status/1238014307121745920

collegeinmenu.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1238054206386450432
# Reference: https://app.any.run/tasks/1714849b-23d4-4c4f-a147-4ab1dfeaa258/

scultbet.com

# Reference: https://twitter.com/bomccss/status/1238312640096563201

netretgidare.com

# Reference: https://twitter.com/bomccss/status/1209842185551499265

detacacids.com

# Reference: https://twitter.com/bomccss/status/1209843734088601600

c71yovern.com
sfmtcxts.com

# Reference: https://twitter.com/bomccss/status/1209905697690812416

b9kamrynlilliana.com

# Reference: https://twitter.com/bomccss/status/1210047638843772929

imnantrape.com

# Reference: https://twitter.com/Zerophage1337/status/989571016895713280
# Reference: https://app.any.run/tasks/2a064aed-3e5a-4690-87e7-78da4435352c/

86.105.18.236:443

# Reference: https://twitter.com/nao_sec/status/1239137537328701442
# Reference: https://twitter.com/reecdeep/status/1239466649356550144
# Reference: https://app.any.run/tasks/72580d88-98c9-4495-8321-27f0f6763a2c/

bblugadash.agency
braunierwherbatis.today
chuvakastod.today
cmelgibdsong.today
drupboxedsd.agency
feruimniimsxs.today
globalnishkad.agency
if3instore4.agency
lelemssd.agency
lilybanksed.agency
loophyperrd.agency
loshamakentisht.today
lrufunurd.agency
naggantsd.agency
pigtamnetd.today
pilllowedsd.agency
sroibushkashsd.agency
stopcfams.today
stophangerdslf.today
stratorsct.today
stuppedrtef.today
tybdranocidw3.agency
yukadukas.agency

# Reference: https://twitter.com/reecdeep/status/1239473120987275266
# Reference: https://app.any.run/tasks/dc56ada8-0d1a-41f9-85c4-354966b56a71/

aftnoop.at
laurela.at
pipen.at

# Reference: https://twitter.com/bomccss/status/1239716843431923712
# Reference: https://app.any.run/tasks/b881bebf-8ded-4eb2-a62e-198a095bad69/

alistherdatas.at
get.fletchapp.com

# Reference: https://twitter.com/reecdeep/status/1239851638992646144

eiurbfvpewirub.xyz
eouryfvioeurfoevri.xyz
findoitaliafattura.pw

# Reference: https://twitter.com/FaLconIntel/status/1239876026513022976
# Reference: https://pastebin.com/JECpbgp6

donatafatturaitalia.pro
pgfatt.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1240253133785358336

vatunboard.com

# Reference: https://twitter.com/malware_traffic/status/1240326583786844162

pmfi74.com
snap-licdn.com

# Reference: https://twitter.com/reecdeep/status/1240570564017901570
# Reference: https://app.any.run/tasks/a4b2eff3-77f7-4da0-bcdc-7c04b9156837/

kamalak.at

# Reference: https://twitter.com/w3ndige/status/1240637812887732226

cloudservice.club
form-updater.at

# Reference: https://twitter.com/malware_traffic/status/1240810985776205827

avqm2sd6.com
jearlenef.com
q5278biboyd.com

# Reference: https://twitter.com/jorgemieres/status/1240804469228568578

silviaformigligooo.us

# Reference: https://twitter.com/reecdeep/status/1240906811559022593

q29lanceshaniya.com
vtorrancekx59.com

# Reference: https://twitter.com/teamcymru/status/1240972864892928001
# Reference: https://securityaffairs.co/wordpress/99823/malware/ursnif-campaign-targets-italy.html

kolamana.com
tealex.it

# Reference: https://twitter.com/FaLconIntel/status/1241568444551741441
# Reference: https://app.any.run/tasks/e074bc0d-7edf-4e58-86ad-f7e3dd8df714/
# Reference: https://pastebin.com/M1JFcPcj

alfabanjrrd.agency
bsberbakh.agency
cdastroitod.today
cmguffiong.today
dampometiktd.today
dstopdaltdsd.agency
glmrakobesad.agency
ilupitdrope4.agency
lbusinesd.agency
lkakaushkid.agency
lostellazikdht.today
lotlybankied.agency
mozetradugis.today
nlembdasd.agency
pikazanhsd.agency
schepsdik.today
slaungdt.today
sstrousihhsd.agency
ssvetleitef.today
stanetvsemxs.today
stkraevoirdslf.today
tasinhromiidw3.agency
ymulenrougas.agency
zetradugis.today
vetleitef.today

# Reference: https://www.virustotal.com/gui/ip-address/47.74.44.93/relations

malorun.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1242014733886201858

falloitalbar.store
gioliofattura.xyz
pagamentodelordinenumero.online

# Reference: https://app.any.run/tasks/44378179-4c2a-42d0-99e9-5818b7e8937a/

poskncpeiuywbt.xyz

# Reference: https://twitter.com/reecdeep/status/1242017555675480066

803g4548fgf.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1242041463925506053
# Reference: https://app.any.run/tasks/751f395b-33e4-4f5e-89eb-0b63153195a8/

dangerously.xyz

# Reference: https://twitter.com/reecdeep/status/1242163727123824641
# Reference: https://app.any.run/tasks/53918911-78d7-429d-95a0-6ec6c7542db3/

m1rd9egxfxinnsoq.com

# Reference: https://twitter.com/DynamicAnalysis/status/1242169195388907521

aperforrmingnextyou.xyz

# Reference: https://twitter.com/malware_traffic/status/1242251392640782337

bao-universe.com
rylandi2002.com
shengbo769.com

# Reference: https://twitter.com/malware_traffic/status/1242523433537339392
# Reference: https://app.any.run/tasks/977c8ac0-f325-428b-bbbf-0719bde2dfb6/

chersoicryss.com
cqftatumg59.com
fharmonue54w.com
jtevin46.com

# Reference: https://twitter.com/Mesiagh/status/1242524899605753856

xolzrorth.com

# Reference: https://twitter.com/w3ndige/status/1243251811559055361
# Reference: https://www.virustotal.com/gui/domain/yubz.net/relations

yubz.net

# Reference: https://twitter.com/malware_traffic/status/1243301158002855938

x0fopmxsq5y2oqud.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1244897065387397126

philippeschellekens.com
timbervalleyfarm.com

# Reference: https://twitter.com/reecdeep/status/1244929068262404096
# Reference: https://app.any.run/tasks/74e7b8d1-793a-4dbc-a365-78063dc7531d/

loadkaklokja.xyz
9ureyowuher9b.xyz
newitpagamentofor.xyz

# Reference: https://app.any.run/tasks/964e4bb8-5a59-496b-9fa8-c3799b6f687e/

phukeemonet.today

# Reference: https://twitter.com/FaLconIntel/status/1244987364033720330
# Reference: https://pastebin.com/dbnX69rX

afilepagamentoinn.xyz

# Reference: https://twitter.com/VK_Intel/status/1245435955982610432

conniethemonkey.xyz

# Reference: https://twitter.com/prakhargyl/status/1245129816346472448

residenzaborgopio.it/cartanoevo/billmanager.php
projectsplanit.xyz

# Reference: https://app.any.run/tasks/fd306d47-a412-4594-a82e-c452cd6f9db6/

prlottonews.xyz

# Reference: https://app.any.run/tasks/872756de-b4bf-4d23-a7a6-d4ab87200e51/

karntnatural.xyz

# Reference: https://twitter.com/luc4m/status/1245681887294771200

prlottonews.xyz

# Reference: https://twitter.com/luc4m/status/1245673834100871168

karntnatural.xyz

# Reference: https://twitter.com/reecdeep/status/1246079898722217988
# Reference: https://app.any.run/tasks/41af3257-45ea-4b9b-8eb1-717e87eaa98d/

c93dg24kellie.info
liiuab4.com
tidgoee51connor.top

# Reference: https://twitter.com/malware_traffic/status/1245116296368394240

10bonusonline24.info
kapswholesale.info

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html (# Win.Malware.Ursnif-7641287-1)

groupcreatedt.at

# Reference: https://twitter.com/abuse_ch/status/1247065975662555137

dropshipbear.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1247084500305227778
# Reference: https://app.any.run/tasks/f4c80d1b-74fc-4ee4-9b16-920abaf19a9d/

prlottonews.xyz

# Reference: https://twitter.com/VK_Intel/status/1248317800587972610

triomigratio.xyz

# Reference: https://app.any.run/tasks/0798e675-9b4f-467b-98e0-889321182f90/

ni96lyric.com

# Reference: https://twitter.com/abuse_ch/status/1249986843334057984

nutarborg.com
basa.nutarborg.com
fatturatrader.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1249996944698757120

trattoriafiori.xyz

# Reference: https://twitter.com/reecdeep/status/1249956885329072128

primecontentstudios.com

# Reference: https://twitter.com/reecdeep/status/1250041202847727617

localjobsph.xyz

# Reference: https://twitter.com/reecdeep/status/1250319363019657219
# Reference: https://app.any.run/tasks/61e2d22b-39c2-4693-a6af-a817954d8405/
# Reference: https://pastebin.com/7MWMbikn

brabusery.today
buhlavashie.agency
dimdimichf.today
ktravelcd.agency
kvestianopolupas.today
labibocraf.today
lyblyatovorysd.agency
mechtvoid.agency
monakolorakosg.today
motilkayotrkid.agency
nosapodyuid.agency
ogonkaflowerd.agency
optimustraiin.agency
pechenietatd.agency
pikaninet.today
sambabelogotd.agency
shtormition.agency
storunesgim.today
sviridovosd.agency
tokyomangass.host
vetrograds.today
yrganitoving.today
ytrechts.agency

# Reference: https://twitter.com/reecdeep/status/1250378509245128705

asistenon.xyz
febbrarioferraro.pw
flazzomazzo.xyz
marrzioolio.casa
marzoferazzo.xyz
newuploadswift.pw
rezelko.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1250391330192269314

largefamiliesonpurpose.com
monalisapizzeriasi.com

# Reference: https://twitter.com/reecdeep/status/1250378509245128705
# Reference: https://app.any.run/tasks/147930cb-471c-4a7b-90eb-2df1bbb022fa/

iuyefgweoiuhf.xyz

# Reference: https://twitter.com/reecdeep/status/1252859101291241472

bluechipstaffing.com
securezza.at

# Reference: https://www.virustotal.com/gui/domain/thatallmafaka.at/detection

thatallmafaka.at

# Reference: https://www.virustotal.com/gui/domain/vip-tours.at/detection

vip-tours.at

# Reference: https://twitter.com/reecdeep/status/1253232918224351232

personalfsbocoach.com
wudjarather.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1253217826367832065

andrewzelaya.com
dermvalet.xyz
rolandojgarcia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1253236199508054016

searchfundaccelerator.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1253244690935267328

primecontentstudios.com
pontida.info
rolandojgarcia.com

# Reference: https://twitter.com/Mesiagh/status/1253420571527770113
# Reference: https://pastebin.com/Qp87MJVB

to4karu.ru
zvednyisvet.ru

# Reference: https://www.virustotal.com/gui/domain/gstat.hamiltoncustomhomesinc.com/relations

hamiltoncustomhomesinc.com
gstat.hamiltoncustomhomesinc.com

# Reference: https://twitter.com/p5yb34m/status/1253473594631286785
# Reference: https://twitter.com/p5yb34m/status/1253477856413286400

woofwoofacademy.xyz

# Reference: https://twitter.com/reecdeep/status/1255063841131630598

tramvaineedet.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1255051529146511360
# Reference: https://www.virustotal.com/gui/domain/gstat.dondyablo.com/detection

dondyablo.com
gstat.dondyablo.com

# Reference: https://twitter.com/reecdeep/status/1255175139093876737

bbfjjf8.com
ireiureoi0dwoi.com
katedesktop64.com
leasurefilletmarrow.com
sunhutburgerzzz.com

# Reference: https://twitter.com/malware_traffic/status/1255267206323154945

siicg8lgadurupkt.com

# Reference: https://twitter.com/reecdeep/status/1255407481758638080

sustainableworkplacewellness.com
link.sustainableworkplacewellness.com

# Reference: https://twitter.com/malware_traffic/status/1255990764531789825

qut69bf00e.com

# Reference: https://twitter.com/VK_Intel/status/1256652248547045377

barecao.xyz

# Reference: https://twitter.com/Bl4ng3l/status/1257575407525810176

respondcritique.xyz
staging2.lifebiotic.com

# Reference: https://twitter.com/reecdeep/status/1257579411244822529

fellowstock-puree.com
hotjotchi.com
leekscheeks777.com
oaw5ibkcxru.com
snowcraymar.com

# Reference: https://twitter.com/reecdeep/status/1257925401504034816
# Reference: https://twitter.com/abuse_ch/status/1257929586404458496
# Reference: https://bazaar.abuse.ch/sample/476cf8c09a0cd1cfe759430ab40fdedc652833ca2d54de78c5449ea50ebabe7c/

82.118.22.163:9955
couturefloor.com
yourceocoach.com
starlightgroupllc.com
gstat.couturefloor.com
gstat.yourceocoach.com
line.starlightgroupllc.com

# Reference: https://app.any.run/tasks/e3d4901b-e3e9-49d2-97d2-3b41909e49d2/

zp9u2sk8nz5.com

# Reference: https://twitter.com/reecdeep/status/1257953208535863296

divorcescheap.xyz
thepieslice.com

# Reference: https://twitter.com/reecdeep/status/1258313559890632704

alisiemental.host
consaltingz.com
marketpalasei.casa

# Reference: https://twitter.com/reecdeep/status/1258293318041112576

ramtool.at

# Reference: https://twitter.com/SBousseaden/status/1259810798161010693

canesalt2tanzania.com
clownmice123.com
dieuwoqpq.com
lettucecharity2012.com
reflora-refraction.com
squidhala.com

# Reference: https://twitter.com/CyberRaiju/status/1260133414851588097
# Reference: https://app.any.run/tasks/89b049a8-d5a5-4691-983a-f39a19a2a350/

ksoniay95ee.info

# Reference: https://twitter.com/reecdeep/status/1260479732493225995
# Reference: https://urlhaus.abuse.ch/url/362018/

betarg.com/cms/cashback/pinkash/wp-content/plugins/loginpage/
voucherdome.com
wuxiyujingxuan.com
hexingmumen.com
fpwoueopwwoq.com
juwoqoqpwieu.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Ursnif-7772130-0)

bplaplanetsurface.com

# Reference: https://app.any.run/tasks/2eacdd4c-b184-4815-a67d-64a37bf0174b/

getlearningsolutions.com
peshtigodental.com
securitiessupportunit.com
gstat.getlearningsolutions.com
gstat.peshtigodental.com
gstat.securitiessupportunit.com

# Reference: https://bazaar.abuse.ch/sample/1056a7c5f05db0959b76c0d3b78d31937bc463934a343e0d233c694b0d83db98/

post.positivefocusskills.com

# Reference: https://www.telekom.com/en/blog/group/article/lolsnif-tracking-another-ursnif-based-targeted-campaign-600062
# Reference: https://otx.alienvault.com/pulse/5ec2b0ec5c874fda58db6d02

explik.at
farihon.at
ganikol.at
ioipzet.at
lamanak.at
mobify.at

# Reference: https://twitter.com/reecdeep/status/1263055265995395073

farmingtondewdays.com
medusaranch.com
line.farmingtondewdays.com
post.medusaranch.com

# Reference: https://twitter.com/reecdeep/status/1263367418212159488

bespokemerchandises.com
worldwidebars.xyz

# Reference: https://twitter.com/VK_Intel/status/1263498500848979969

addiamentali.org
rezidentialia.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1263511499080941569
# Reference: https://twitter.com/DynamicAnalysis/status/1263520897085976586

g009clvp1l7.com
tauhutxiga.com
monsuperentrepreneur.com
tangocation.com
e4a24fb0e.com
f78efaf43b.com
k4xqhb6u4fo.com

# Reference: https://www.virustotal.com/gui/file/e8d386ebfdf8846bed319fe96fefa8b1613cde6ee6375d3988bca93ee2bd3866/detection

j20d7b.com

# Reference: https://twitter.com/reecdeep/status/1263827163364630528
# Reference: https://pastebin.com/raw/uS6PMrdB

a8xui1akl9gjqucfa.com
c88gpm21qoal18bmk.com
h6e2at7du07f7a2ip.com
m8pwsczg0bbzw48j7.com
nrhlxbt9covscex9b.com
se66ndx04fofu3sqv.com
cot3d.com
zhankai168.com
360yunkang.com
bcp7mbg.com
ke3rrzx.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1264793127593938950

globaltcms.com
gstat.globaltcms.com

# Reference: https://twitter.com/reecdeep/status/1265204697041862661

consaltinger.com
consulttrus.org.com

# Reference: https://twitter.com/reecdeep/status/1265530996922953729

ddoborguild.com
beibiandmom.com
gstat.ddoborguild.com
line.beibiandmom.com

# Reference: https://twitter.com/reecdeep/status/1265542875921743872

poundie.xyz

# Reference: https://twitter.com/abuse_ch/status/1265611357392646146

37.10.71.211:9955
peshtigodental.com
ylonnsalonchicago.com
gstat.peshtigodental.com
gstat.ylonnsalonchicago.com

# Reference: https://twitter.com/reecdeep/status/1265645824861749250

abee1d18255e.com
f3d189430.com
hswawuo7c8axfxw3.com
phartmaster.com
testpb12e12uufepure.com

# Reference: https://twitter.com/p5yb34m/status/1265749526909870080

ft23fpcu5yabw2.com
j5sfioue15kxqs.com
nrs2wjke0t2vz9.com

# Reference: https://twitter.com/VK_Intel/status/1265931934607212544

votboo.xyz

# Reference: https://twitter.com/reecdeep/status/1266040510147411968

lenceria2000.com
wola4ru08w9i7jjpuc.com

# Reference: https://twitter.com/Mesiagh/status/1266427848165736448

edszkas7gimk7v.com

# Reference: https://twitter.com/reecdeep/status/1266285374340399107

sibelikinciel.xyz

# Reference: https://twitter.com/Circuitous__/status/1266086835270356992

s6oo5atdgmtceep8on.com

# Reference: https://twitter.com/luc4m/status/1266054376692441088

mbclegacyllc.net
line.mbclegacyllc.net

# Reference: https://twitter.com/reecdeep/status/1265965627589656576

matthewsalemstolper.com
gstat.matthewsalemstolper.com

# Reference: https://twitter.com/reecdeep/status/1267328903846207494

onpremisely.xyz

# Reference: https://app.any.run/tasks/5e81cda7-b0fb-4552-b46e-5d40331bfb96/

bizzznez.com
bizzznez.org

# Reference: https://twitter.com/p5yb34m/status/1267971830301601795

babytoydeals.xyz

# Reference: https://twitter.com/reecdeep/status/1268088914969014274

llbntv.com
madvertising.org
gstat.llbntv.com
line.madvertising.org

# Reference: https://bazaar.abuse.ch/sample/e2c3c4353ccda08c13102fdb6b53f63ac2af6285954de11fa3cfa8b707ae0834/

cfwc-deanzadistrict.org/accounts/accounts.php
susanslewis.xyz

# Reference: https://twitter.com/VK_Intel/status/1269715718502785024

exeupay.xyz

# Reference: https://bazaar.abuse.ch/sample/a0827b06bad13e450aa21407068d1c34d24d8c8441647c3bc7231a507105146e/

yunforworld.xyz

# Reference: https://twitter.com/seguridadyredes/status/1269918727698554880

a-zcorner.com
awh93dhkylps5ulnq-be.com
knockoutlights.com

# Reference: https://twitter.com/reecdeep/status/1270272141754347521
# Reference: https://app.any.run/tasks/c9c518d8-1d3e-4a7e-8574-e082fcf26638/

consaltin.com
consaltin.org
uevtachen.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1270314489511100417

llbntv.org
vmf216.com
gstat.llbntv.org
gstat.vmf216.com

# Reference: https://twitter.com/reecdeep/status/1270379738184515590

rockyndawn.com
xsiv7v4qzjq6rdmpp.com

# Reference: https://twitter.com/reecdeep/status/1270763108286582784

gofokfha1ww.com
hkdjuilkwwq2t.com
klt9x5q3tj.com
rokifann25s.com

# Reference: https://twitter.com/luc4m/status/1270790333295517696

lkmwdfe.xyz
ygvrfepzz.xyz

# Reference: https://twitter.com/CapeSandbox/status/1270853344731545602

mitial.at

# Reference: https://twitter.com/malware_traffic/status/1270802292451745792

thjfasfdjkf1qjt.com

# Reference: https://twitter.com/reecdeep/status/1271721654654287872
# Reference: https://malienist.medium.com/lolsnif-malware-e6cb2e731e63

arsis.at
cdn.arsis.at

# Reference: https://app.any.run/tasks/6021226c-4f23-4014-9c1b-93dcdb35ef9b/

icloudcowboy.com
link.icloudcowboy.com

# Reference: https://bazaar.abuse.ch/sample/b53e42e6ce1bc5fe332920c16fc69a4e6d0eb26ed31fe67149dcb1ec79e401b5/

memberteam.works/templatesb/
vvietnamnews.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1274996544266272771

lifeartphotographers.com
peshtigodental.com
thecrowband.com
gstat.peshtigodental.com
gstat.thecrowband.com
line.lifeartphotographers.com

# Reference: https://twitter.com/luc4m/status/1275021211731259395

peshtigodental.com
peshtigodental.net
peshtigodental.eu
peshtigodental.xyz
sloleaks.com
sloleaks.net
sloleaks.eu
sloleaks.xyz
securezal.com
securezal.net
securezal.eu
securezal.xyz
securezal.com
securezal.net
securezal.eu
securezal.xyz
secundato.com
secundato.net
secundato.eu
secundato.xyz
secundato.com
secundato.net
secundato.eu
secundato.xyz
secundamo.com
secundamo.net
secundamo.eu
secundamo.xyz
premiamo.com
premiamo.net
premiamo.eu
premiamo.xyz
premiamo.com
premiamo.net
premiamo.eu
premiamo.xyz
securezzas.com
securezzas.net
securezzas.eu
securezzas.xyz
securezzis.com
securezzis.net
securezzis.eu
securezzis.xyz
securanto.com
securanto.net
securanto.eu
securanto.xyz
securanto.com
securanto.net
securanto.eu
securanto.xyz

# Reference: https://pastebin.com/raw/ULiRjt3H

29degod-soil.com
50kmission.com
76leof-nerve.com
82geod-misery.com
cloptio.com
fast-pacedworld.com
fepz41.com
qqm9lv.com

# Reference: https://twitter.com/reecdeep/status/1276557105860939782

ttcfv.com
ddc17.com
smc-coding.com
restyle-prinner.com
81spdi-tick.com
22wedz-crate.com
48boden-flow.com

# Reference: https://app.any.run/tasks/d87258f6-f4a5-426e-b6b7-addfe1a490e9/

kmoderatordstezya.website
silkavayssstezya.website

# Reference: https://app.any.run/tasks/22bb91d4-a8db-4b23-98e1-8c4f328cedd2/

ehrlum.com
securityguardlisting.com
gstat.securityguardlisting.com
line.ehrlum.com

# Reference: https://urlhaus.abuse.ch/downloads/text_recent/

5u2mr.com
9nag0.com
a9nq0z.com
dy5x1.com
e7xfxb.com
fdhwgm.com
fepz41.com
gr223t.com
gx6995.com
ihgd1u.com
mbzrrt.com
ofxvp.com
qqm9lv.com
u8pmg.com
voaxd.com
w0j3oq.com

# Reference: https://twitter.com/reecdeep/status/1278268071837421568
# Reference: https://twitter.com/makflwana/status/1278149070859628544
# Reference: https://twitter.com/JAMESWT_MHT/status/1278599830055550976

lavorosubordinatosmartw.org
casecose20smart.net
vrhgroups.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1279997794321866752

sergiocilli.com
sloleaks.com
gstat.sergiocilli.com
gstat.sloleaks.com

# Reference: https://twitter.com/AgidCert/status/1280054899661836288

line.winneratlaw.com

# Reference: https://twitter.com/reecdeep/status/1280417219701334016
# Reference: https://twitter.com/VirITeXplorer/status/1280418885003591681
# Reference: https://app.any.run/tasks/cf0a3b26-2f51-48cd-b6a6-ce1d80a4e0cc/
# Reference: https://app.any.run/tasks/de4ba735-ac2e-4482-aa8b-75bce23fa916/

casevacenze2020top.com
uncomfermed.com

# Reference: https://app.any.run/tasks/b22fbea8-9533-4738-bccd-4e1c8115caf7/

nabudore.top
mesoplano.com

# Reference: https://twitter.com/reecdeep/status/1280498405106647040

50pm4.com
dgokmertli23q.com
monbruusr2aqr.com
pssiofrotms1q.com

# Reference: https://twitter.com/p5yb34m/status/1280575552034762752

9bgnq.com
d7uap.com
p7hne.com

# Reference: https://twitter.com/reecdeep/status/1280750789015863298

careinmexico.com
gstat.careinmexico.com

# Reference: https://twitter.com/reecdeep/status/1281155984359133184

9ygw2.com
e9bja.com
ioyyf.com

# Reference: https://twitter.com/reecdeep/status/1281151312860676096

amehota2gfgh.com
gofast22gfor.com
qumogtromb2a.com

# Reference: https://twitter.com/luc4m/status/1281512985853341696
# Reference: https://www.virustotal.com/gui/file/f19aa26546ae8dba9987d3d281a50b46483669640d48cf8cad39ecb0aef46fb7/detection

bmtdrink.xyz

# Reference: https://www.virustotal.com/gui/file/5d85e5487833bc2483e5c086db701ecbecc7bf58069ccf707d7f98a33db556ad/detection

noseladci74mbv1e.com

# Reference: https://www.virustotal.com/gui/file/54cd8c1f46ad7d1906f802bc17ee9b954184734ba2174aa549599289151f9063/detection

fladwestle.com

# Reference: https://www.virustotal.com/gui/file/f0b0d5d435806e8e60bff1c105caf3a5a8618d9c5aa7c079ef2e0b904be9371d/detection

oucricomal.com

# Reference: https://www.virustotal.com/gui/domain/sameslealm.com/relations

sameslealm.com

# Reference: https://www.virustotal.com/gui/file/719315f85b3f611b571c958d0a66d17b55f61d36f580d7240993123038d55051/detection

tanklemech.com

# Reference: https://www.virustotal.com/gui/file/22db4b564c57aa117d6a6dc3f0f78ef995f0b06ef91e13831fc05bdec5978ea9/detection

onialisati.com

# Reference: https://www.virustotal.com/gui/file/19a8aa0277f1d27b01db3c1436ab9ec8d3e2bbec20647228daf33f1ff44f7c22/detection

uc6vfjlvkc412.com

# Reference: https://twitter.com/abuse_ch/status/1282579270435577857
# Reference: https://bazaar.abuse.ch/sample/c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa/

blueglobalit.com/afterschool/schoolgirls.php
vilecorbeanca.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1282929848634298368

ineedcurbappeal.com
securezal.com
gstat.ineedcurbappeal.com
gstat.securezal.com

# Reference: https://twitter.com/reecdeep/status/1282965312628051968

greenbuss.com
redflash.org

# Reference: https://app.any.run/tasks/46fdad35-6ce6-4852-9dd4-c40250e3fd07/

http://185.94.191.113

# Reference: https://twitter.com/malware_traffic/status/1283490255706959873
# Reference: https://pastebin.com/bp40H1Nb
# Reference: https://pastebin.com/raw/DZNj1XQ6

3ogrrst.com
7ty3r5x.com
bne0g5e.com
dc57p88.com
g0x5byv.com
kxwh2gp.com
l4fnses.com
9qjjytj66p.com
d50y1psaqv.com
jars1umcf5.com
osk4iim2jg.com
pv60oib8e7.com
xakkpl3nwc.com
zxe9tmtff3.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1283663757772718080

gstat.coneybucks.com

# Reference: https://twitter.com/reecdeep/status/1283675503552008192

premiamo.com
premiamo.eu
secundamo.com
secundato.com
secundato.net
securanto.com
securanto.net
securezal.xyz
securezzas.com
securezzis.net
gstat.secundato.com
gstat.secundamo.com
gstat.premiamo.com
gstat.securezzas.com
gstat.securanto.com
gstat.secundato.net
gstat.securezzis.net
gstat.securanto.net
gstat.premiamo.eu
gstat.securezal.xyz

# Reference: https://twitter.com/reecdeep/status/1293827423935574017

gstat.rayzacastillo.com

# Reference: https://pastebin.com/PFjweRxk

glemallory.top
qk2688kolby.info
t23bendarron.top
krandalfyi.com
xjllvivienne.band
zy70aa.company
nay27lawrenceu.top
nvr82644ooei.info
wee2684iy62.club
f5ekqcgwa.com
n7omje.com
w56benedict.com
qhudsonaannalise.company
qsavionjeff.com
w40clementinauug.com

# Reference: https://twitter.com/malware_traffic/status/1285669899696775175

vx9c3ku.com

# Reference: https://twitter.com/killamjr/status/1286296550516367364

redfcpi.com

# Reference: https://pastebin.com/raw/bfTG05My

63gtxkqvv.com
b28h13xbx.com
bpnztvz2x.com
fg8h4913m.com
g8gj20th7.com
kso7s3fyt.com
p1s7p1m95.com
pyfdn25qu.com
x5t3l5gnr.com
zai5fp642.com

# Reference: https://gist.github.com/MattLParker/2ef3de9f0b29073bfaab27d17146153e

k1gms6e.com
y7y3h25.com

# Reference: https://pastebin.com/raw/Tx0DRvK9
# Reference: https://app.any.run/tasks/9bc3dcd4-8943-420a-af01-9bd46df84a6d/

1s3yvvw.com
q9kixdq.com
aqjdl9x.com
ey0ta54.com
res66hh.com

# Reference: https://pastebin.com/a5rqv7c7
# Reference: https://www.virustotal.com/gui/ip-address/159.89.174.73/relations

0uso87.com
60c4wn.com
8cfayv.com
apc846.com
c3au3r.com
qzg0oi.com
vkr0bt.com
ycjjvl.com
yt549w.com
zgo2ze.com

# Reference: https://www.virustotal.com/gui/file/3b4836d48caf23fe4c2f4e542ad8cef8cf9ad5276d67af001e4aa89d0b002905/detection
# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.184/relations

gototherand.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1288030277583941632
# Reference: https://twitter.com/VirITeXplorer/status/1288029999077961729
# Reference: https://app.any.run/tasks/757be9df-7a0e-4350-ba74-be2002f1af7f/
# Reference: https://app.any.run/tasks/ab088916-fdbf-4a5b-baba-a77923f5d372/

46.21.150.162:443
gestioneinbizzotutto.com
inviatotutoneladon.com

# Reference: https://twitter.com/luc4m/status/1288079002666545152

epfobgoeuyifr.xyz
osdifubgoief.xyz
wepoiufgewr.xyz

# Reference: https://twitter.com/reecdeep/status/1288849943294287873

6kd743o1w.com

# Reference: https://pastebin.com/NvzmauW1

0eed1ejih.com
1iif89rvl.com
6gsdlmpym.com
8wsed5qkw.com
bofzvaxf6.com
jfmmusox0.com
py072wgiw.com
ybvoc9qoo.com
z7rflq080.com

# Reference: https://www.virustotal.com/gui/file/5a3e9fd1064a2cf1d149fa87e5dd4ce99152345289c6f356fe52c679d6dd83b9/detection

websolutionfriends.com

# Reference: https://www.virustotal.com/gui/file/516ff48a2ecb99693312cd7992502be5655eb332a2708914bed425407b8c4bf3/detection

md54uurpw.city
mchanceusaige.com
mmgstjenifer.company

# Reference: https://twitter.com/reecdeep/status/1290260109260595200

g7ah9a.com

# Reference: https://www.virustotal.com/gui/file/b7f2dddd27a7118f6f6cc3923f2af1f83ca5b8ea722ea05f6b27845469899c67/detection

uhq943.com

# Reference: https://twitter.com/p5yb34m/status/1290408585273344001

cecee61.com
n4c3wr.com
niqyd4.com
vkiz1mv.com
xhs9a81.com

# Reference: https://twitter.com/VirITeXplorer/status/1290558452650188801

fattnumdelordine.com
statoffbal.com

# Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+IcedID+Bokbot/26438/
# Reference: https://otx.alienvault.com/pulse/5f2d7028f25fbdc6daa1b016

ch4ck0j.com
dywb3va.com
ed9fb4.com
j9b8q8.com
osog5n.com
oyomc2z.com
pncq6h.com
pt48tir.com
scgi76.com
sv51gh.com
vebk1x.com
xk625lf.com

# Reference: https://twitter.com/reecdeep/status/1292828204445696001
# Reference: https://app.any.run/tasks/b3b03b8f-80bc-4ef7-9fa9-ffdc9fd6b0af/

q5pv4v.com

# Reference: https://twitter.com/p5yb34m/status/1292886770246225920

rrn0sm7.com
i0avgy.com
ts0ev73.com
wqu65x.com
zr7y3f.com

# Reference: https://pastebin.com/raw/Ye7MrSqV

bz3p06l.com
dtin0r.com
kgzz30.com
kwmknxy.com
malat0h.com
rrn0xm7.com
vq22znt.com

# Reference: https://twitter.com/malware_traffic/status/1293226393535471616
# Reference: https://pastebin.com/raw/9rRLuMT5

dad4e13.com
iknod8.com
k2tvs59.com
lem1vx.com
mfar1o.com
vsqs5m.com
yoi1p6r.com

# Reference: https://twitter.com/reecdeep/status/1295399848569712642
# Reference: https://app.any.run/tasks/26ef48a4-c45b-48f3-8a63-c5b02f7467b4/
# Reference: https://pastebin.com/raw/4tgby2qV

a136h2u.com
a5he9s.com
b97pm6.com
g7hu923.com
hsrykxc.com
lbov709.com
m5cqjhp.com
u30x3ch.com
z70g6n.com
zncx4ha.com

# Reference: https://twitter.com/matte_lodi/status/1293857856312283136
# Reference: https://app.any.run/tasks/f19d504d-0c45-40fe-b0aa-b883dba27392/

gameplays.fun

# Reference: https://cert-agid.gov.it/news/campagna-ursnif-veicolata-tramite-falsa-mail-inps/
# Reference: https://cert-agid.gov.it/wp-content/uploads/2020/08/IoC_Ursnif_13-08-2020_17-08-2020.txt

americansreachingmanyservices.com
interactivegood.com
gstat.americansreachingmanyservices.com
social.interactivegood.com

# Reference: https://twitter.com/reecdeep/status/1295303048592490496

campdiy.com
farfetchedproductions.com
line.campdiy.com
social.farfetchedproductions.com

# Reference: https://twitter.com/reecdeep/status/1295304449192333312
# Reference: https://app.any.run/tasks/fe84c1f7-ae86-452c-a1c9-06410a4980a0/

farmlifesupplements.com
gstat.farmlifesupplements.com

# Reference: https://twitter.com/reecdeep/status/1295727323052945411
# Reference: https://app.any.run/tasks/c33bd52b-f56e-486f-9b7f-55ac112e8554/

g8pf47.com

# Reference: https://twitter.com/James_inthe_box/status/1295769909083815936

ty5uaq.com

# Reference: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

3wuk8wv.com

# Reference: https://twitter.com/Unit42_Intel/status/1296500515065536515
# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-18-TA551-IOCs-for-IcedID.txt

c0sfgh.com
ehy2iyq.com
g8pf47.com
ltdcsz.com
ty5uaq.com
vuv7s5k.com
wirrhb.com

# Reference: https://twitter.com/reecdeep/status/1296716921874898944

http://185.189.112.228
houunolu1.xyz

# Reference: https://twitter.com/reecdeep/status/1296809596351283200

alvtxe.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1298513625108434945

kangweid.com
gstat.kangweid.com

# Reference: https://yoroi.company/warning/campagna-di-attacco-previdenza-sociale/
# Reference: https://otx.alienvault.com/pulse/5f467e9da1ca3a54f0dab886

coryriley.com
web.coryriley.com

# Reference: https://otx.alienvault.com/pulse/5f4b9616d6ea0c3eb671a1da
# Reference: https://www.virustotal.com/gui/file/607a12245c0c924f9734a4d3b78586e2421f2148ddf64283c83c954e4337e1ef/detection

xplpgi.com

# Reference: https://app.any.run/tasks/53b52b08-1973-431a-aaaa-855e6c61f491/

pfu3g21.com

# Reference: https://urlhaus.abuse.ch/host/p1ewgj.com/

p1ewgj.com

# Reference: https://twitter.com/reecdeep/status/1300432198135418880

qzxrqi.com

# Reference: https://app.any.run/tasks/3f236655-b536-4bbc-8594-b0c0a0262e8b/

xpe1qhe.com

# Reference: https://app.any.run/tasks/dd98767d-45f9-4c6f-a680-cac0fd5dd7de/

cu021fa.com

# Reference: https://app.any.run/tasks/bb484acc-0d53-4fde-a323-fcc5e6c9dcb8/

ahrueq.com

# Reference: https://urlhaus.abuse.ch/url/451040/
# Reference: https://www.virustotal.com/gui/ip-address/78.40.219.55/relations

fm1n2ug.com
x0hohx6.com

# Reference: https://urlhaus.abuse.ch/url/451039/
# Reference: https://www.virustotal.com/gui/ip-address/45.10.110.21/relations

e77jq8.com
wu4i4g.com

# Reference: https://twitter.com/reecdeep/status/1301159068279746561

munkk5.com

# Reference: https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html
# Reference: https://otx.alienvault.com/pulse/5f5120c23b86bf1880a2ba7c

line.lawnteam.org
line.rllconsulting.com

# Reference: https://twitter.com/p5yb34m/status/1303408866483290112
# Reference: https://twitter.com/malware_traffic/status/1303446029535244288
# Reference: https://pastebin.com/2g5HWPF8

ctq41z.com
dr8hiw8.com
jrvg0ao.com
kr50pf.com
lhxlihz.com
rflf84.com
s0vufk.com
spcang.com
z30of5.com

# Reference: https://twitter.com/reecdeep/status/1303646181738844161
# Reference: https://app.any.run/tasks/460a1692-c5ad-4f4e-b9bc-397d136f77d3/

bigmoneyboss.xyz
laptok.at

# Reference: https://twitter.com/theDark3d/status/1303833409542905858
# Reference: https://twitter.com/malware_traffic/status/1303838239980163073

pipkaboss.xyz

# Reference: https://twitter.com/reecdeep/status/1304051067093692422

krqegpf.com

# Reference: https://twitter.com/p5yb34m/status/1304108801860071424
# Reference: https://pastebin.com/Z4kWrhSF

1gsegpf.com
avrb37f.com
dr8r2rq.com
jr1faao.com
krqegpf.com
krtew5f.com
rfa8t14.com
sasbrng.com
ssa3afk.com
z3as34q.com

# Reference: https://twitter.com/reecdeep/status/1304434962188382210
# Reference: https://twitter.com/malware_traffic/status/1304507387957608450
# Reference: https://pastebin.com/bRT1y6rv
# Reference: https://app.any.run/tasks/714db0e5-89a9-4e4c-bf22-c70da604c903/

a66i3j.com
bkyigbm.com
bz3izuh.com
cf09oe.com
cjlf16.com
ozxa1jr.com
sjfmz82.com
ugnlgg.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1305413711637684224

line.wedowindowsplus.com
wedowindowsplus.com

# Reference: https://twitter.com/VirITeXplorer/status/1305417502856564736

web.fromtheeast.org

# Reference: https://twitter.com/reecdeep/status/1305425265946955777
# Reference: https://app.any.run/tasks/c3cadab8-932d-4512-8290-b1d3955a1542/

healingwithtapping.com
stat.healingwithtapping.com

# Reference: https://twitter.com/reecdeep/status/1305434744361017344
# Reference: https://app.any.run/tasks/bdf060de-3241-46c9-b5bd-aa9a64ac25ca/

alicegrange.com
theziongroup.com
log.theziongroup.com
web.alicegrange.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1305431697543045120

eftformotherissues.com
service.eftformotherissues.com

# Reference: https://twitter.com/reecdeep/status/1305523915054354433
# Reference: https://app.any.run/tasks/2c48723a-6803-4f9d-a330-63d546408b9d/

wnc2sod.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-14-TA551-IOCs-for-IcedID.txt

chvqi4w.com
dugfsg.com
ihf8rrn.com
k6xqu9m.com
r81a1dk.com
vh9sjhs.com
vzns9d.com
weyua6.com
yqe0nf.com

# Reference: https://twitter.com/reecdeep/status/1306120623224164358
# Reference: https://app.any.run/tasks/166c35e3-12e9-4cc0-b0b5-ab3fc612edd4/

service.ohmpala.com
web.canoeontario.com
canoeontario.com
ohmpala.com

# Reference: https://twitter.com/reecdeep/status/1306125009899974662

michelleanneclements.com
permanentetch.com
spronken-medical.com
wouterspace.net
line.permanentetch.com
link.spronken-medical.com
log.wouterspace.net
stats.michelleanneclements.com

# Reference: https://app.any.run/tasks/3f7a8363-0f6d-4b08-b3e4-13c4b9f42f49/
# Reference: https://twitter.com/p5yb34m/status/1306391578685005824
# Reference: https://pastebin.com/raw/8WMDPNYi

ab94z0.com
bl3cavy.com
c1c2l0i.com
cztixxy.com
fffufk.com
safj3ng.com
swf1fas.com
tq9kma.com
vdnu32a.com
vsav42a.com

# Reference: https://twitter.com/p5yb34m/status/1306664525983150080

p3gcak.com
ue4j6g.com

# Reference: https://app.any.run/tasks/26ee997f-0d0b-44ee-9fd8-3bac150c2899/

link.stopcollectionlawsuits.com

# Reference: https://app.any.run/tasks/1a36925b-c192-4ece-a09b-ec4a29c1cb1a/

api10.laptok.at

# Reference: https://app.any.run/tasks/21dd0684-862d-4d4b-8c0a-9b27fc81f2f4/

mddgdia.com

# Reference: https://urlhaus.abuse.ch/url/608608/

m7zfuu.com
qtudtro.com
sqgdzi.com
vxsi5p2.com

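# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-06-TA551-IOCs-for-Valak-with-IcedID.txt
# Note: this and the pan-unit42 TA551 lists that follow are titled for Valak and IcedID as well as Ursnif. They are kept in this file under the TA551/shathak alias, so a match on these entries likely points to TA551 distribution infrastructure rather than a confirmed Ursnif payload; verify the malware family during triage.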

dwniu8n.com
eto9ve1.com
g7bxxcu.com
rlb9lmt.com
wfpyutf.com
wnrfa9y.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-07-TA551-IOCs-for-Ursnif-with-IcedID.txt

http://82.146.44.82
aciferhib3larw.com
50pm4.com
58tiy.com
9bgnq.com
ft6gw.com
d7uap.com
p7hne.com
pui4p.com
zs6eb.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-09-TA551-IOCs-for-Ursnif.txt

9ygw2.com
e9bja.com
cofi3.com
ioyyf.com
hq3ll.com
n2f79.com
nix4e.com
r0rfk.com
gstat.securezzas.net
maigmehm2gl.com
securezzas.net
tenutasanpaolo.com
tobmojiol2adf.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-14-TA551-IOCs-for-IcedID.txt

1bwsl4.com
804gtd.com
m33xa3.com
n9i9ep.com
nm5oi0.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-16-TA551-IOCs-for-IcedID.txt

oqg1v2laen.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-17-TA551-IOCs-for-IcedID.txt

1rvi3p.com
19cxca.com
50joqg.com
5fbthd.com
6yqg9j.com
hiha7n.com
ij7541.com
rax0qn.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-20-TA551-IOCs-for-IcedID.txt

b5js78uz.com
brult5bw.com
g0zh8lb3.com
kip2moht.com
pqfhjp0j.com
yamrii4g.com
z977oq4e.com
zp8kbgfs.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-21-TA551-IOCs-for-IcedID.txt

9ryhmsk.com
na6j8eg.com
pd2iyml.com
qxe3uaq.com
vx9c3ku.com
xei319b.com
xo4z0sl.com
y0wssdb.com
zpx0okh.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-23-TA551-IOCs-for-IcedID.txt

2w17h6a.com
3wuk8wv.com
awb6q4j.com
efc86dd.com
h7llj8w.com
imrhln0.com
nlx6300.com
redfcpi.com
w4nuvjy.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-07-31-TA551-IOCs-for-IcedID.txt

2vvezz8.com
4xj0nhh.com
a095t1v.com
b94yhzk.com
impq4r6.com
fi1psgm.com
jifu8av.com
nx25duv.com
q05oi5s.com
z79ou4j.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-03-TA551-IOCs-for-IcedID.txt

c9554sq.com
cecee61.com
g7ah9a.com
k5didw.com
n4c3wr.com
niqyd4.com
qoab76.com
u1edcdn.com
vkiz1mv.com
xhs9a81.com
yf8p0p.com
zifudk8.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-13-TA551-IOCs-for-IcedID.txt

a75ttto.com
au7vlt.com
e1u21kl.com
edxudx6.com
ge2y74.com
mqp6p7d.com
or8gucu.com
plnr9gs.com
w5yejb.com
wmkfdu.com
ycd4tjz.com
yra9rm.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-14-TA551-IOCs-for-IcedID.txt

bcxsxb.com
dd1wmu5.com
li7x63d.com
owrty2.com
scwwne.com
tikamnd.com
z1qgyxs.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-20-TA551-IOCs-for-IcedID.txt

fbz7fl.com
fk1s50.com
g7b26ut.com
i47cml.com
ip7g25w.com
jve7kr.com
kx8sp52.com
pob8bvm.com
sh1ywp.com
twu5vut.com
w4l8qww.com
xb5k6j.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-21-TA551-IOCs-for-IcedID.txt

ncznw6a.com
q6ig2w.com
tdzlbz2.com
vjk1cap.com
znmenb.com
zzjetgj.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-27-TA551-IOCs-for-IcedID.txt

ehubo3y.com
mm24b1h.com
nuzloz.com
s3lm81.com
ti37xy.com
xaat39f.com
xdeho9.com
yj5hzv.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-28-TA551-IOCs-for-IcedID.txt

alci55l.com
gn5nla.com
mfph3n0.com
onrfm5v.com
w450l5.com
x7exf2.com
zqr4o1l.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-08-31-TA551-IOCs-for-IcedID.txt

d5z7xg.com
ewo5xuk.com
zloojq.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-01-TA551-IOCs-for-IcedID.txt

gc7cro.com
qottlh.com
qswbhz5.com
y68sxa.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-17-TA551-IOCs-for-IcedID.txt

c6ut9we.com
g94ju4.com
gjb3sd1.com
m6vtrk.com
p3gcak.com
pvi24bu.com
ue4j6g.com
xgsxdae.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-21-TA551-IOCs-for-IcedID.txt

csxciyt.com
dsb5vd.com
f9pv81.com
hq1m7wt.com
ldzcb4.com
lkcij4k.com
k21ddmo.com
mwd3sq.com
q9d2ya.com
rb16q6a.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-09-23-TA551-IOCs-for-IcedID.txt

b82uw6.com
epgymd.com
gswxig.com
m7zfuu.com
mddgdia.com
qtudtro.com
sqgdzi.com
vxsi5p2.com

# Reference: https://twitter.com/reecdeep/status/1311560515819372545
# Reference: https://app.any.run/tasks/453bd3e7-a8d1-4699-86d2-f7e93d82d074/

log.whateverittakesdoc.org
service.21stcenturyleadersawards.org
web.plainfielddentalcare.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1311568592614445056

link.fixuppropertysolutions.com
log.whateverittakesdoc.org
service.21stcenturyleadersawards.org

# Reference: https://app.any.run/tasks/991ee0d9-3989-486a-9b52-7a5c27dd315f/
# Reference: https://www.virustotal.com/gui/file/2dafec4a481b71cab7e7fab950cc9f8683ddb6f35922a4c938be6988410d035a/detection

91.224.161.116:80
slammagysmanskkapsulrttezya.website
zigigannapionna.live

# Reference: https://app.any.run/tasks/7038f243-72c5-4546-855e-e1220211a61e/

gnalmgysmanask4ermanderezya.website
nalgysmanurmaskmikluhasya.website
rubymgysmanmaskrufinurtdrfezya.website
rusitmgysmanaskpikabyatezya.website
rutramagysmanskkmoderatordstezya.website

# Reference: https://app.any.run/tasks/991ee0d9-3989-486a-9b52-7a5c27dd315f/

rbabamrgysmanmaskriserdfnstezya.space
rramaskkmigysmanleronurzya.website
rubalasksigysmanlkavayssstezya.website
runyanmgysmanaskklasgindtezya.space
rurparagysmanmaskstreptokokusstezya.space
rurprgysmanamskprikchinhdncstezya.space
skumrmgysmanaskihglassdzya.website

# Reference: https://www.virustotal.com/gui/file/4f77bf747a377f0c2dd497e410ca4960cf432e9632c06bc4e2c37e254926d739/detection

76.73.17.194:9090

# Reference: https://twitter.com/JAMESWT_MHT/status/1313359428691857408

hybridcorehomescc.com
link.hybridcorehomescc.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313362305309192193

hybridhomesteam.com
service.hybridhomesteam.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313364212903743488

log.newhybridhome.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313385260852408321

stats.softoptions.com

# Reference: https://twitter.com/reecdeep/status/1313421952170811392
# Reference: https://app.any.run/tasks/20133e30-5e3a-4453-9344-d31ccd397050/

notificaritardipagamentof24.com
santaliny.net

# Reference: https://www.virustotal.com/gui/ip-address/162.0.239.161/relations

162.0.239.161:443
fatturandel.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1313438622310436865

tdrcoastalhomes.com
line.tdrcoastalhomes.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313756512968474624

line.republicpracticesolutions.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313776298913943552

service.heritageimagingcenter.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313830543948218370
# Reference: https://twitter.com/JAMESWT_MHT/status/1313850878743506945
# Reference: https://app.any.run/tasks/b9f94c48-e37c-4c49-8d2f-22e9c0153ba2/

splendidwillow.com
log.splendidwillow.com
stats.splendidwillow.com
web.synizstore.com

# Reference: https://www.malware-traffic-analysis.net/2020/10/06/index.html

a020dxl.com
f9i9n4t.com
fl9o7m0.com
fwpxcm9.com
gckppms.com
hhy5lu.com
jdsjheu.com
o7s3dv4.com
pu1gsz.com
ptjtnr.com
satkwx.com
wgvo4o.com

# Reference: https://twitter.com/malware_traffic/status/1313952618948030464
# Reference: https://app.any.run/tasks/6e2dc937-ba68-49ca-8c8e-f4137e5d2ea0/
# Reference: https://pastebin.com/raw/Dv6edvut

a7d94ba.com
chu576f.com
gb6r8qo.com
jv9b74.com
mkba3y.com
p78m58.com
ss02vx.com
tqbx93.com

# Reference: https://twitter.com/p5yb34m/status/1314628032762527744
# Reference: https://app.any.run/tasks/c254d07f-fc3e-4c79-ac38-5736bdcecc2e/
# Reference: https://app.any.run/tasks/08fb7f3e-30b3-422b-92f7-d3f2495b3468/
# Reference: https://app.any.run/tasks/6dd6ed8c-4e16-4f26-be9e-3807d10527ae/
# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-09-TA551-IOCs-for-IcedID.txt

cy6pu9.com
eyefhq.com
krwrf1.com
o6nsoh1.com
ohpf4pd.com
pfjwj7k.com
qyeqkl.com
s0mjr9.com
u6zxgw.com
wjbbmd2.com
yajgw8.com

# Reference: https://app.any.run/tasks/1dd149c5-ef59-40d4-b4fc-d813be5afe4e/

h4dv4c.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1316006529502310400
# Reference: https://bazaar.abuse.ch/sample/64567431faf0e14dacab56c8b3d7867e7d6037f1345dc72d67cd1aff208b6ca7/

bn50bmx.com

# Reference: https://www.virustotal.com/gui/file/15bb9330c20cbdb3e71e1ff47a65e19c75fa4dee8e398fb6d2e544c08c354e10/detection

deepmoler.at

# Reference: https://www.virustotal.com/gui/ip-address/87.106.18.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.241.19.44/relations

ahah100.at
ahonpot.at
alfa-sentavra.at
alfgoonop.at
allager.at
aromun.at
augustreys.at
balictus.at
beemstop.at
beetfo.at
bitkoler.at
ceelop.at
chrading-reading.at
cloud-start.at
cloud-support.at
cyajon.at
cyberplay.at
deopliazae.at
dirchat.at
doolap.at
dooliter.at
doolop.at
doter.at
evama.at
ewonook.at
extermas.at
exvorid.at
farihon.at
farimon.at
feen007.at
filat.at
fitalyaka-service.at
frencko.at
fvnoop.at
galimbal.at
gaploop.at
genesisgrandergh.at
glencon.at
goyanok.at
hacnostri.at
hamanana.at
hheepet.at
hopkeen.at
in100k.at
incomes.at
inferno-girls.at
intrade-support.at
intser.at
ioipzet.at
iomal.at
iowbased.at
iqwoot.at
kamalak.at
karilor.at
kartop.at
korordomozi.at
lapenik.at
laptok.at
learto.at
lepini.at
maccareno.at
marcoplfind.at
mashallah.at
maytermsmodiall.at
miska-server.at
mo100.at
mobify.at
mobipot.at
momonol.at
narutik.at
niolan.at
norot.at
onliva.at
paratim.at
pranahat.at
pronhat.at
ramtool.at
regeneration-data.at
rexa.at
rivier.at
teforyn.at
vox001.at
voxder.at
warsh.at
weartum.at
webglencon.at
zapkopw.at
zenzenco.at
zicino.at
zorip.at
zszsko.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1316246872210706433
# Reference: https://twitter.com/reecdeep/status/1316299677428584448

987images.com
lenssexy.com
seemimigo.com
tomshobbies.com
link.tomshobbies.com
log.lenssexy.com
line.seemimigo.com
service.987images.com
stats.wadadliphoto.com
wadadliphoto.com
windowsclassic.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1316311353896902656
# Reference: https://bazaar.abuse.ch/sample/2e0b219c5ac3285a08e126f11c07ea3ac60bc96d16d37c2dc24dd8f68c492a74/
# Reference: https://www.virustotal.com/gui/file/2e0b219c5ac3285a08e126f11c07ea3ac60bc96d16d37c2dc24dd8f68c492a74/detection

sandypaterson.com

# Reference: https://isc.sans.edu/diary/rss/26674

aqdcyy.com
akfumi.com
ar99xc.com
bn50bmx.com
h4dv4c1w.com
krwrf1.com
mbc8xtc.com
osohc6.com
pdtcgw.com
qczpij.com
t72876p.com
vwofdq.com

# Reference: https://twitter.com/malware_traffic/status/1316558850674380806
# Reference: https://pastebin.com/raw/DRJzjnX1

c7cyzl.com
dsv3tk.com
foud7v4.com
i5hibsc.com
tynupd.com
vx1sz8.com
wqmxf8k.com
yg2zdng.com

# Reference: https://twitter.com/p5yb34m/status/1317147640409174017
# Reference: https://twitter.com/malware_traffic/status/1317238281554317313
# Reference: https://www.malware-traffic-analysis.net/2020/10/16/index.html
# Reference: https://www.virustotal.com/gui/file/1fed67755aaef012806500286cb48da114a9b5c7c7cc216231fa9f04539b66c8/detection

bu9i07f.com
c1iilno.com
cogxrm.com
dm4ol1c.com
go5bln3.com
h46r7vf.com
htki9x.com
ku16x0o.com
mf2es5.com
u80mw4.com
y21r11j.com

# Reference: https://mal-eats.net/2020/11/12/analysis_of_the-_icedid_campaign_for_japan/

cradle5590.com
erase1656.com
flower5428.com
follow1906.com
story6649.com
what6233.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1318080129948635138

log.technosolarsystems.net
technosolarsystems.net

# Reference: https://twitter.com/reecdeep/status/1318070357358686211

blogicompany.com
service.technosolarsystems.com
technosolarsystems.com

# Reference: https://twitter.com/p5yb34m/status/1318253954854080512

xydf0m.com
ym5zuxo.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1318418917463830531
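# Reference: https://app.any.run/tasks/7ecb9621-0786-47ab-a4ac-4a47b3904c15/
# NOTE(review): ssls.microsoft.com is a name under Microsoft's own zone, not an attacker-registered domain;
# presumably it was contacted by the sample in the sandbox run above. Confirm before treating a hit on it alone as an infection.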

ssls.microsoft.com
windowclient.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1318415779268874240

linksystems.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1318452686312886273

systemlinks.casa

# Reference: https://twitter.com/p5yb34m/status/1318603069911805954
# Reference: https://app.any.run/tasks/d2ee2243-dcf0-4a7d-96af-08317bffa886/

egmr6csa9qsg.com
gm9rlei16lamz5.com
p4uk749i8t6vay.com
rbjh933kw0xx65x8.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1318836363417051141
# Reference: https://twitter.com/JAMESWT_MHT/status/1318829021707239424
# Reference: https://app.any.run/tasks/4a430275-1368-4491-86bc-ec5d7170d2df/

blogilive.casa
livesystems.bar
livesystems.casa
livesystems.cyou
windowstats.com

# Reference: https://pastebin.com/raw/PKA5TwMz

b7nfcx4.com
bsls9ny.com
cte64uc3ede65oq.com
g33r59eug.com
egmr6csa9qsg.com
gm9rlei16lamz5.com
p4uk749i8t6vay.com
rbjh933kw0xx65x8.com
xf8z9878f.com

# Reference: https://github.com/pan-unit42/iocs/blob/master/TA551/2020-10-19-TA551-IOCs-for-IcedID.txt

elliekg.com
gjcz2j8.com
ixrbph.com
k8qdr07.com
mwnb93z.com
xydf0m.com
ossxj1.com
ud7vzlt.com
ym5zuxo.com
zcbw6z7.com

# Reference: https://twitter.com/reecdeep/status/1321020916625776640

santaliny.org
willeam.net

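# Reference: https://twitter.com/malware_traffic/status/1321211578113511425
# NOTE(review): the /tbqxjN lines below are path-only indicators with no host part (the same pattern recurs in
# later groups); presumably they are request paths seen on the domains from the same reference. Short paths matched
# without the host can collide with benign URLs, so keep them scoped to these hosts or treat a path-only hit as low confidence.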

moon6651.com
space7873.com
ticket6798.com
virtual9408.com
/tbqxj1
/tbqxj2
/tbqxj3
/tbqxj4
/tbqxj5
/tbqxj6
/tbqxj7
/tbqxj8
/tbqxj9
/tbqxj10
/tbqxj11
/tbqxj12

# Reference: https://twitter.com/58_158_177_102/status/1321583599485820928
# Reference: https://app.any.run/tasks/4e842de4-2dee-4f8c-ab25-d52a0c7bc4c0/
# Reference: https://app.any.run/tasks/2bbc6d3e-f0ca-42cd-8cac-f3af5296eea5/
# Reference: https://app.any.run/tasks/dbc926f6-eb68-43af-9a55-bc307b781754/
# Reference: https://app.any.run/tasks/deebf118-abe7-4ea5-9e33-81bce557d426/
# Reference: https://app.any.run/tasks/f64b9924-6022-428e-a0d7-4bd8ed3a3f01/
# Reference: https://www.virustotal.com/gui/ip-address/167.99.248.130/relations
# Reference: https://twitter.com/malware_traffic/status/1321991386435096581
# Reference: https://pastebin.com/G6y7yTiy
# Reference: https://pastebin.com/yBXAq9Wb

apple6813.com
bread3250.com
diamond2948.com
enrich3459.com
fade9400.com
monster2064.com
news7264.com
patch6838.com
smooth8490.com
space7873.com
spot6327.com
wild2486.com
/csyj1
/csyj2
/csyj3
/csyj4
/csyj5
/csyj6
/csyj7
/csyj8
/csyj9
/chti1
/chti2
/chti3
/chti4
/chti5
/chti6
/chti7
/chti8

# Reference: https://twitter.com/58_158_177_102/status/1323420403277033472
# Reference: https://app.any.run/tasks/8beff69c-0c5c-4ea2-9205-8b7ca7ade6f7/

recycle9393.com
/gzlov1
/gzlov2
/gzlov3
/gzlov4
/gzlov5
/gzlov6
/gzlov7
/gzlov8
/gzlov9
/gzlov10
/gzlov11
/gzlov12

# Reference: https://twitter.com/58_158_177_102/status/1323761820729970688
# Reference: https://app.any.run/tasks/6ee36ef9-13e5-454c-b94c-0eb275e28749/

shop4706.com
/xrei1
/xrei2
/xrei3
/xrei4
/xrei5
/xrei6
/xrei7
/xrei8
/xrei9
/xrei10
/xrei11
/xrei12
/xrei13

# Reference: https://twitter.com/malware_traffic/status/1323766476541775874
# Reference: https://pastebin.com/kHXmMhQQ

fame5810.com
flag1571.com
garden1219.com
profit3486.com
recycle9393.com
suffer2379.com

# Reference: https://pastebin.com/iYHLnJfg

essay9763.com
oppose1345.com
parent8700.com
soda8729.com
/iuyala1
/iuyala2
/iuyala3
/iuyala4
/iuyala5
/iuyala6
/iuyala7
/iuyala8
/iuyala9
/iuyala10
/iuyala11
/iuyala12
/iuyala13

# Reference: https://pastebin.com/raw/j6Fchg9E

alley2857.com
bonus8742.com
harbor6814.com
shop4706.com
shoulder6024.com
sort7452.com
table4920.com
track6609.com

# Reference: https://twitter.com/58_158_177_102/status/1325704915839184896
# Reference: https://twitter.com/VirITeXplorer/status/1325706704563089408
# Reference: https://app.any.run/tasks/df7f3936-ea80-44c5-a6fc-38ad72479402/

agentsystems.cyou
systemagent.bar
systemagent.cyou
statwindows.com

# Reference: https://twitter.com/VirITeXplorer/status/1326067488795340800
# Reference: https://twitter.com/reecdeep/status/1326080559001587712
# Reference: https://www.difesaesicurezza.com/en/restrictedareacat/cybercrime-italy-hit-by-a-continous-ursif-gozi-offensive/
# Reference: https://www.virustotal.com/gui/ip-address/141.136.36.252/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.44.83/relations

premiumclass.bar
premiumclass.cyou
premiumline.bar
premiumline.casa
staticwindows.com

# Reference: https://urlhaus.abuse.ch/browse/tag/gozi

line.hotelcabosanlorenzo.com
link.panibaba.com
line.queensfurnitureoutlet.com
line.stopcollectionharassment.com
line.zeebracross.com
link.republichealthresources.com
link.giantfurnitureoutlet.com
log.angelicabrown.com
log.idealfurnituredirect.com
log.rstempler.com
service.drnjithendran.com
service.idealfurnitureoutlet.com
service.mymindmap.net
stats.charleswbrownonline.com
stats.idealfurnituregalleryny.com
stats.stopthecase.com
stats.technosolarenergy.net
web.emergingsun.com
web.myfortunekitty.com
web.babycarriersingapore.com
web.golden-goblin.com
web.heartyian.com
emergingsun.com
myfortunekitty.com
babycarriersingapore.com
golden-goblin.com
heartyian.com
pagamentif24online.com

# Reference: https://twitter.com/reecdeep/status/1326101935015989249
# Reference: https://app.any.run/tasks/16198cd4-65a9-477b-8a81-5ea50875dd5c/

willeam.org

# Reference: https://app.any.run/tasks/faebb720-2e55-405e-abda-858d6946989a/

windowstation.bar

# Reference: https://twitter.com/JAMESWT_MHT/status/1326444396045283329

blogerstatic.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1326464855411486720
# Reference: https://app.any.run/tasks/968b5d7b-94c0-49e5-b1f7-4ea1c439a4ce/

sandypaterson.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1327198617560559618
# Reference: https://twitter.com/ffforward/status/1327203314157711360
# Reference: https://twitter.com/reecdeep/status/1327233252093005825
# Reference: https://app.any.run/tasks/9c845c6a-633d-41fc-836c-40112ad18065/
# Reference: https://www.virustotal.com/gui/file/be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2/detection

bonderlas.xyz
cabstess.website
cocolabs.xyz
dabsgantt.website
mngeedon.website

# Reference: https://twitter.com/reecdeep/status/1328637997445754883

deleghe.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1328584139071762434
# Reference: https://app.any.run/tasks/a7d72031-662e-468c-9fc5-7994c881eb34/

blogicstatus.com
liveswindows.bar

# Reference: https://twitter.com/reecdeep/status/1328676958159466496

http://46.21.153.238
http://89.45.4.118
http://94.198.40.26
folerunoku.club
gerometony.club
massonianz.com
myfoodland.org
stratosferi.net
volerunoku.club

# Reference: https://twitter.com/VirITeXplorer/status/1329329642801684481
# Reference: https://www.virustotal.com/gui/ip-address/185.186.142.126/relations
# Reference: https://app.any.run/tasks/b7a71c9e-8f63-4f81-b78e-0f4cc829c4e6/

connectionline.casa
connectionline.cyou
connectionlines.casa
connectionlines.cyou
connectionsline.cyou

# Reference: https://app.any.run/tasks/1baa107f-3e2f-4909-be7b-249ade996a3b/

billinglines.com

# Reference: https://twitter.com/58_158_177_102/status/1329591778635235328
# Reference: https://twitter.com/58_158_177_102/status/1329591782519177218
# Reference: https://app.any.run/tasks/9a6231ad-313a-4dff-a22a-e087f99edbb4/
# Reference: https://app.any.run/tasks/383862d8-66f5-4de9-b013-1d99f8bde04f/
# Reference: https://twitter.com/malware_traffic/status/1329934246249697280
# Reference: https://www.malware-traffic-analysis.net/2020/11/20/index.html

dbw-equip8964.com
dhl-rule6692.com
eeb-sight5314.com
fg-clip8673.com
gp-select7372.com
ney-impose8272.com
oc-timber7979.com
pmj-intact5338.com
ta-price8067.com
xg-endorse4501.com
xgk-company2593.com
/ahtap1
/ahtap2
/ahtap3
/ahtap4
/ahtap5
/ahtap6
/ahtap7
/ahtap8
/ahtap9
/ahtap10
/ahtap11
/ahtap12
/ahtap13
/ahtap14
/ahtap15
/ahtap16
/ahtap17
/ahtap18
/ahtap19

# Reference: https://twitter.com/JAMESWT_MHT/status/1330761150783516672
# Reference: https://app.any.run/tasks/37a50f00-6432-4d2e-84cd-f21c764747e6/

gamenetline.com
windomains.bar
windomains.cyou
windowsmain.casa
windowsmain.cyou

# Reference: https://twitter.com/JAMESWT_MHT/status/1331144752071389193
# Reference: https://app.any.run/tasks/c82f59b1-e724-4e5f-8d2e-61c10b08da05/

connectstats.bar
connectstats.cyou
statsconnect.cyou
statsconnect.casa
showpics.bar

# Reference: https://twitter.com/reecdeep/status/1331190456802275329
# Reference: https://app.any.run/tasks/c78b9117-dc77-4a7f-904f-0e8d6fb618f2/

compagniamaestro.com
marzoom.org

# Reference: https://twitter.com/reecdeep/status/1331192427454083073
# Reference: https://app.any.run/tasks/999e7bb7-c9da-4c9a-b3da-1f255da33e8a/

http://89.44.9.160
folerunoku.club
gerometony.club
massonianz.com
myfoodland.org
stratosferi.net
volerunoku.club

# Reference: https://twitter.com/malware_traffic/status/1331259415022825473
# Reference: https://www.malware-traffic-analysis.net/2020/11/24/index.html
# Reference: https://pastebin.com/BR3dZTNU

fu-vapor8895.com
l-laptop6658.com
/lxnt1
/lxnt2
/lxnt3
/lxnt4
/lxnt5
/lxnt6
/lxnt7
/lxnt8
/lxnt9
/lxnt10
/lxnt11
/lxnt12
/lxnt13
/lxnt14
/lxnt15
/lxnt16
/lxnt17
/lxnt18
/lxnt19

# Reference: https://twitter.com/malware_traffic/status/1331720027188441088
# Reference: https://pastebin.com/raw/43E0C8w3

dx-approve9690.com
gwz-mass5938.com
fi-orphan1895.com
lzw-steak3686.com
mh-library9619.com
nl-sick9850.com
ty-orange2331.com
uj-mercy8209.com
xp-follow1711.com
zwl-scrap3426.com
/pupg1
/pupg2
/pupg3
/pupg4
/pupg5
/pupg6
/pupg7
/pupg8
/pupg9
/pupg10
/pupg11
/pupg12
/pupg13
/pupg14
/pupg15
/pupg16
/pupg17
/pupg18
/pupg19

# Reference: https://www.virustotal.com/gui/file/9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0/detection

njoopsday.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1333288949494804480
# Reference: https://twitter.com/Circuitous__/status/1333455545295101954
# Reference: https://app.any.run/tasks/79a81d74-95e5-4898-83b9-b5b1945c18e6/

premialestats.co
premiumstat.co
premiumstatics.co
settingsline.com

# Reference: https://www.virustotal.com/gui/file/05d73823bd77a9f07f680970056098c06a98fdcb4522a221a411281b41e665cf/detection

leenoliloy.com

# Reference: https://twitter.com/malware_traffic/status/1333485185841713157
# Reference: https://pastebin.com/x9iiCjGH

ewrhh539reopen.com
fhnz798comic.com
fr920victory.com
nipng629usage.com
ppxw332object.com
zf556energy.com
zivd990grow.com
/urizk1
/urizk2
/urizk3
/urizk4
/urizk5
/urizk6
/urizk7
/urizk8
/urizk9
/urizk10
/urizk11
/urizk12
/urizk13
/urizk14
/urizk15
/urizk16
/urizk17
/urizk18
/urizk19

# Reference: https://twitter.com/JAMESWT_MHT/status/1333712461707489281
# Reference: https://twitter.com/luc4m/status/1333766220944986114
# Reference: https://app.any.run/tasks/88afecfe-e1c0-48f1-a918-85c24a4811c7/

certjficazione.com
chinotta.com
dobere.com

# Reference: https://twitter.com/VirITeXplorer/status/1334407757005533186
# Reference: https://twitter.com/VirITeXplorer/status/1334423774402375687
# Reference: https://twitter.com/reecdeep/status/1334405233708068865
# Reference: https://app.any.run/tasks/36a2830f-4541-4009-b2f8-ddcfcfcfcf2d/
# Reference: https://app.any.run/tasks/c5acd0ee-1d6f-45f4-b8a3-c83ada28ed82/

d515country.com
hrw393pilot.com
knt807fault.com
nfj254aim.com
rou488reopen.com
tna873miracle.com
ystatistics.com

# Reference: https://www.virustotal.com/gui/file/e0db7b6316116df0b1d4e1c3b3b239c1ecf2252cd57c53816aaad0daec153456/detection

bknruc.com

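# Reference: https://www.virustotal.com/gui/domain/cv-suspension.key-systems.net/relations
# NOTE(review): the hostname reads as a registrar suspension/parking host under key-systems.net, presumably where
# suspended campaign domains now resolve. Unrelated suspended domains could also land here, so treat a hit as low confidence — confirm.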

cv-suspension.key-systems.net

# Reference: https://twitter.com/VirITeXplorer/status/1334568357165735937
# Reference: https://twitter.com/Circuitous__/status/1334584959043035139
# Reference: https://www.virustotal.com/gui/file/4d1c37dac45daec5880750b8499b337e6ccf3696bfd645c4e22f388001e79900/detection
# Reference: https://www.virustotal.com/gui/file/9f672ebe0fc031e49ca0cec79553f8291ca44fb150adb6346c8fb7f78ef674fa/detection
# Reference: https://www.virustotal.com/gui/file/6d5a2538f02f35ad3d39aa072a541b0d03eb086299c2b5b4c45f2e0fd8e8f347/detection
# Reference: https://www.virustotal.com/gui/file/2c0d32826a27621d9252554e8e986a1de1434f5349699a1848df0c1617f7cc22/detection
# Reference: https://www.virustotal.com/gui/file/59d433bc2b7b0462f4866a79ae09c7a0ba5f61d9a1e427a174a21ace9a428d97/detection
# Reference: https://www.virustotal.com/gui/file/2271eb0df1de442f4ebad0513240b19def9fa067a87618100fd5244088d434a3/detection

knt807fault.com
pfbtq569flash.com
q654trap.com
vi363suffer.com
wcfv355security.com
wo784prosper.com
xub368notable.com
/xspcd1
/xspcd2
/xspcd3
/xspcd4
/xspcd5
/xspcd6
/xspcd7
/xspcd8
/xspcd9
/xspcd10
/xspcd11
/xspcd12
/xspcd13
/xspcd14
/xspcd15
/xspcd16
/xspcd17
/xspcd18
/xspcd19

# Reference: https://twitter.com/malware_traffic/status/1336009810047856640
# Reference: https://twitter.com/JRoosen/status/1336167144388767746

benjs187mask.com
bfc372alarm.com
k741faint.com
n687desert.com
nyx236bicycle.com
phfvg141cruel.com
qs809erupt.com
twvf572scout.com
u298emotion.com
/zzfp1
/zzfp2
/zzfp3
/zzfp4
/zzfp5
/zzfp6
/zzfp7
/zzfp8
/zzfp9
/zzfp10
/zzfp11
/zzfp12
/zzfp13
/zzfp14
/zzfp15
/zzfp16
/zzfp17
/zzfp18
/zzfp19

# Reference: https://twitter.com/JAMESWT_MHT/status/1336229725082177536

gormaire.website

# Reference: https://twitter.com/abuse_ch/status/1336612784801542144

as526model.com
ksr873sweet.com
oocw740forest.com
qri970bargain.com
sxhkk334advance.com

# Reference: https://twitter.com/BushidoToken/status/1336694472474824709
# Reference: https://www.virustotal.com/gui/file/b668f791607842e0859fc3d9a1e50228766aa158becb38fbd3023535ff829654/detection
# Reference: https://www.virustotal.com/gui/file/0e5cda7dd0ed8c3ce20b1019f5895deb2b780039d4ed3e32cb7d383bf237ca33/detection

fosterpod.website
onlinecompaniehouse.com

# Reference: https://twitter.com/luc4m/status/1336719507411374080

pinole.at
unici.at

# Reference: https://twitter.com/malware_traffic/status/1336852988254674945
# Reference: https://pastebin.com/raw/1yBchwv0

kmp481car.com
kwi296dream.com
rdi162skull.com
tmzr158drip.com
vqvm656stem.com
xiptk734that.com
/kazu1
/kazu2
/kazu3
/kazu4
/kazu5
/kazu6
/kazu7
/kazu8
/kazu9
/kazu10
/kazu11
/kazu12
/kazu13
/kazu14
/kazu15
/kazu16
/kazu17
/kazu18
/kazu19

# Reference: https://twitter.com/Unit42_Intel/status/1337455387637846022
# Reference: https://www.virustotal.com/gui/ip-address/193.239.84.250/relations
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-10-IOCs-from-Ursnif-infection-with-Delf-variant.txt
# Reference: https://www.virustotal.com/gui/file/236491cfe870f6b374d80e427ef8f8bfbf24f50d4029128b001d95c8c90845cb/detection

http://162.0.224.165
http://185.186.244.130
http://37.120.222.107
79.110.52.28:15497
booloolo2.com
booloolo3.com
greatewallfirewall.xyz

# Reference: https://twitter.com/malware_traffic/status/1337471320339177475
# Reference: https://twitter.com/p5yb34m/status/1337468554984218628
# Reference: https://www.malware-traffic-analysis.net/2020/12/11/index.html
# Reference: https://www.virustotal.com/gui/file/785e7a1f4e7d48efff95dd5d5574d7326845e67ccf3dc9b4dd228d25246ba933/detection
# Reference: https://www.virustotal.com/gui/file/4f423d4ab78a5201862d4a04c294f33bd6e01df2bf8d1c38053e3e099723496d/detection

cstleadapt3.com
ftrain1.com
grcpvclinic8.com
hzimlady5.com
kgcadjust6.com
maspolice4.com
qqdrate7.com
rtnmmail8.com
vclfhdetect8.com
wbarely6.com
wfaith8.com
xwfluid5.com
/ffslaey1
/ffslaey2
/ffslaey3
/ffslaey4
/ffslaey5
/ffslaey6
/ffslaey7
/ffslaey8
/ffslaey9
/ffslaey10
/ffslaey11
/ffslaey12
/ffslaey13
/ffslaey14
/ffslaey15
/ffslaey16
/ffslaey17
/ffslaey18
/ffslaey19

# Reference: https://twitter.com/p5yb34m/status/1338575528563863553
# Reference: https://pastebin.com/raw/AbgwQW99
# Reference: https://app.any.run/tasks/5638c7ba-95d7-4705-888d-6e50c3e1045a/

ddizzy7.com
uxeqfury6.com
zqbutter2.com
/axgqo1
/axgqo2
/axgqo3
/axgqo4
/axgqo5
/axgqo6
/axgqo7
/axgqo8
/axgqo9
/axgqo10
/axgqo11
/axgqo12
/axgqo13
/axgqo14
/axgqo15
/axgqo16
/axgqo17
/axgqo18
/axgqo19

# Reference: https://twitter.com/JAMESWT_MHT/status/1338742519505498115
# Reference: https://twitter.com/JAMESWT_MHT/status/1338762002387398658
# Reference: https://twitter.com/VirITeXplorer/status/1338751190146932736

gstatici.com
systemic.casa
systemlive.casa
systemok.casa
systemst.casa
systemu.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1338783888890540032
# Reference: https://twitter.com/reecdeep/status/1338784238183780353

fortiol.com
kaztam.com
loogerblog.xyz
rosadalking.xyz

# Reference: https://twitter.com/p5yb34m/status/1338908619270549504

hnelse4.com
kmbdiffer6.com
uwwlesson8.com
/cktzgt1
/cktzgt2
/cktzgt3
/cktzgt4
/cktzgt5
/cktzgt6
/cktzgt7
/cktzgt8
/cktzgt9
/cktzgt10
/cktzgt11
/cktzgt12
/cktzgt13
/cktzgt14
/cktzgt15
/cktzgt16
/cktzgt17
/cktzgt18
/cktzgt19

# Reference: https://twitter.com/JAMESWT_MHT/status/1339094627467620352

gstatica.com
gstatus.bar
istatus.bar
istatus.casa
istatus.cyou
estatus.cyou

# Reference: https://twitter.com/JAMESWT_MHT/status/1339150527209336832

fatturanumeroverde.com

# Reference: https://twitter.com/reecdeep/status/1339144141285044224

http://199.192.24.31

# Reference: https://twitter.com/Mesiagh/status/1338941921729806336

ietbean7.com
tvvsystem8.com
ufjypdinosaur6.com

# Reference: https://twitter.com/p5yb34m/status/1339360118266195968

hikangaroo5.com
/ruryf1
/ruryf2
/ruryf3
/ruryf4
/ruryf5
/ruryf6
/ruryf7
/ruryf8
/ruryf9
/ruryf10
/ruryf11
/ruryf12
/ruryf13
/ruryf14
/ruryf15
/ruryf16
/ruryf17
/ruryf18
/ruryf19

# Reference: https://twitter.com/ffforward/status/1339556898476056580
# Reference: https://twitter.com/malware_traffic/status/1339588160775282695
# Reference: https://www.virustotal.com/gui/file/a429dd92b7a7374c4be27a8ee63f597fde7659da2915ed50b929a244573883df/detection

http://45.144.29.133
djexpect6.com
ibibamong3.com
/hanw1
/hanw2
/hanw3
/hanw4
/hanw5
/hanw6
/hanw7
/hanw8
/hanw9
/hanw10
/hanw11
/hanw12
/hanw13
/hanw14
/hanw15
/hanw16
/hanw17
/hanw18
/hanw19

# Reference: https://twitter.com/p5yb34m/status/1339636508563623938

belevator6.com
ycndad3.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1339829815319404545
# Reference: https://twitter.com/JAMESWT_MHT/status/1339834783799652353
# Reference: https://twitter.com/VirITeXplorer/status/1339845131797753856
# Reference: https://twitter.com/VirITeXplorer/status/1339845277503660033

gstatisics.co
longline.casa
longline.cyou
longstat.cyou
salscadu.casa

# Reference: https://twitter.com/ffforward/status/1339955996559626242
# Reference: https://bazaar.abuse.ch/sample/30739a63f06056178c395aea513686a49652ed9cb7f81c4baabee6cd8f950c9f/
# Reference: https://www.virustotal.com/gui/file/30739a63f06056178c395aea513686a49652ed9cb7f81c4baabee6cd8f950c9f/detection

jsenior6.com

# Reference: https://twitter.com/malware_traffic/status/1340040487030444032
# Reference: https://www.virustotal.com/gui/ip-address/45.153.229.237/relations

mquote4.com
smpatient6.com
spanic2.com

# Reference: https://twitter.com/makflwana/status/1339732100497326080
# Reference: https://www.virustotal.com/gui/file/687bac96d4e81c29df237b996d270e8c1f456ef30bebe47f1deb6ea0ae05eda1/detection

185.175.44.167:5655
lalstatsnon.website

# Reference: https://twitter.com/makflwana/status/1341558259371573248
# Reference: https://www.virustotal.com/gui/file/3fbc2844d104cc42fd7321b86b5b1b3e37a544b02d831c35ec5fbb7680ea7072/detection

http://79.110.52.174
bologuron.club
bologuron1.club

# Reference: https://twitter.com/reecdeep/status/1341735684286148610
# Reference: https://app.any.run/tasks/a6409ed6-960c-478d-84b6-129996c9a255/

companieshouseonlinedownload.com
hospader.xyz

# Reference: https://app.any.run/tasks/d5809e95-3a8f-4609-880d-b5f4fc8eaa5e/

sibedriamasterkkmoderatordstezya.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1342018819636785152
# Reference: https://bazaar.abuse.ch/sample/7b8ef3f064d0de0c27d56ff4df7d360f0d546d32aabbdf96a746bab5c84277ec/

hapynewyear.xyz

# Reference: https://twitter.com/luc4m/status/1342837701368836097
# Reference: https://www.virustotal.com/gui/ip-address/46.173.218.93/relations

feel500.at

# Reference: https://www.virustotal.com/gui/file/6f34cfee443da76283ddd3367645d67559e8c3c509fbb96d6b2efe8b4f7ec56c/detection
# Reference: https://www.virustotal.com/gui/file/0a3593642f04b62ace2c48fa62a24fd9a84f64da5e7522abdea2e046be1c0af5/detection

kwjqbk2fw9p8q5y.com
xumti39cg1kuf9t2y.com

# Reference: https://raw.githubusercontent.com/pan-unit42/iocs/master/Valak/2020-03-23-to-2020-07-07-TA551-traffic-pattern-history-since-Valak.txt

00otg18ixk6o8kows.com
2zvdoq8grm7vwed20-zz.com
adersr4utx.com
amc4we.com
c1vfsbk.com
d6rc53.com
d9q944ord8l-tydx.com
ebh3zy1l0l66zt144-ph.com
ebwz497.com
eed9jqjd4b600bu2b-md.com
f0hc7osjnl2vi61g.com
fw6rzlxc.com
fz782ze.com
gandael6.com
gma7im.com
grumnoud.com
gwn2649pm.com
his3t35rif0krjkn.com
hlyctn2zx8zyjox1.com
j4abq17dqadmb4hz.com
je85oemozig2x4yq.com
jzi0hc.com
k0llld9j.com
kwjqbk2fw9p8q5y.com
kzex9vp0jfw6a8up1.com
l95dtz8.com
landcareus.com
le7dv4wry1qy0dozb-df.com
m4tz0of0xi8o3brr.com
pk3ehqmow0a.com
siicg8lgad.com
turjaxqqzwyfzy6a.com
v4x99v.com
ws3adlfkm1.com
xcjhb30ton.com
xekolw77fzn-pwzb.com
xljksdu.com
xumti39cg1kuf9t2y.com
yfpyutf.com
zp9x80h.com

# Reference: https://www.virustotal.com/gui/domain/fgrt87jlad.com/detection

fgrt87jlad.com

# Reference: https://www.virustotal.com/gui/domain/mvbwnjx07muirko5i.com/detection

mvbwnjx07muirko5i.com

# Reference: https://www.virustotal.com/gui/ip-address/8.209.74.175/relations

8uv4tnce6ye8muig3j.com
brxxfd54s5bo.com
c868n1kvt7nxbo0atm.com

# Reference: https://www.virustotal.com/gui/file/af5030e85147368bd9ad59c09a39cbf28ecde7c7fb93e5b659346f424b3593f3/detection

gstatistics.co

# Reference: https://twitter.com/reecdeep/status/1352207867659608065

gstatistica.com

# Reference: https://twitter.com/reecdeep/status/1351473427505418241
# Reference: https://app.any.run/tasks/598d0add-13b9-48ea-aa21-e7acb92f6056/

inps-servizi.com
lopppooole.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1351784792786948097

dettrazieni.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1352156319055290370

linestats.casa
linestats.cyou
linestats.bar
statsline.bar
statsline.cyou

# Reference: https://twitter.com/VirITeXplorer/status/1352523053641715712

gstatuslog.com

# Reference: https://www.virustotal.com/gui/file/b0f7aa0474bd786391775b81b6aa75e75b7fdc77082dfe9ec79d0c09f666b213/detection

electroniclog.bar
linelectriciti.casa

# Reference: https://twitter.com/malware_traffic/status/1352752012644016128
# Reference: https://app.any.run/tasks/0a50c53a-e029-4051-8782-55670139359a/
# Reference: https://pastebin.com/XHHAQfsJ

140f0climb6.com
1d67hotel8.com
38ctrade7.com
8533dappear7.com
9219seat6.com
b7edream7.com
b8bonus5.com
bcquick1.com
d2darch6.com
/raynock1
/raynock2
/raynock3
/raynock4
/raynock5
/raynock6
/raynock7
/raynock8
/raynock9
/raynock10
/raynock11
/raynock12
/raynock13
/raynock14
/raynock15
/raynock16
/raynock17
/raynock18
/raynock19

# Reference: https://twitter.com/p5yb34m/status/1353776914985406464
# Reference: https://twitter.com/DrunkBinary/status/1354167067226812417
# Reference: https://twitter.com/malware_traffic/status/1353797541784137728
# Reference: https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
# Reference: https://otx.alienvault.com/pulse/6011ba895abb37ebb4f61eb6/
# Reference: https://app.any.run/tasks/c948b592-bf57-4c73-94da-38ac99278dce/
# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.101/relations
# Reference: https://www.virustotal.com/gui/file/990c3a30dc70bbc82c382c37c70c7b4b97e866b59fbbe34cb250745aac0cd33c/detection
# Reference: https://www.virustotal.com/gui/file/8f1124e40c0d3484ee4bcee168e6b08c64620c2a9d7299d81814f0eea7084c48/detection
# Reference: https://www.virustotal.com/gui/file/fb0753d99f822dd144f3ef9b10a5e58d75a569a08d4da615f1f4331b578c3cb5/detection
# Reference: https://www.virustotal.com/gui/file/175cccf004376f3ed4a72e0f9f14e15aec8022fab2f269de025bbb2ddd0de025/detection
# Reference: https://www.virustotal.com/gui/file/f154dc6a733b659335e57ba8f42618157fae0022bb4078fc83c75d863ec27406/detection
# Reference: https://www.virustotal.com/gui/file/d31a4067843427834b28f19a45844a4f4194f5fa7dc52147fc105bf562815640/detection

4buzz8.com
5that6.com
9298remember8.com
cc7earenew2.com
cpalm1.com
fd4system2.com
/lxgo1
/lxgo2
/lxgo3
/lxgo4
/lxgo5
/lxgo6
/lxgo7
/lxgo8
/lxgo9
/lxgo10
/lxgo11
/lxgo12
/lxgo13
/lxgo14
/lxgo15
/lxgo16
/lxgo17
/lxgo18
/lxgo19
/xtuaq1
/xtuaq2
/xtuaq3
/xtuaq4
/xtuaq5
/xtuaq6
/xtuaq7
/xtuaq8
/xtuaq9
/xtuaq10
/xtuaq11
/xtuaq12
/xtuaq13
/xtuaq14
/xtuaq15
/xtuaq16
/xtuaq17
/xtuaq18
/xtuaq19

# Reference: https://twitter.com/p5yb34m/status/1354502669893689349
# Reference: https://app.any.run/tasks/caf2f3f0-8f20-4580-af6a-800bf7adc694/

7ab7lunar7.com
a4fexpect2.com
c8sock3.com
/logqbag1
/logqbag2
/logqbag3
/logqbag4
/logqbag5
/logqbag6
/logqbag7
/logqbag8
/logqbag9
/logqbag10
/logqbag11
/logqbag12
/logqbag13
/logqbag14
/logqbag15
/logqbag16
/logqbag17
/logqbag18
/logqbag19

# Reference: https://twitter.com/p5yb34m/status/1354842734842920961
# Reference: https://app.any.run/tasks/2573ec2e-7d32-49e8-89fd-70c09c11f114/
# Reference: https://www.virustotal.com/gui/file/dfffacd10a8887ff9e48cb452696fa8a9b6b83ea3e285b4f7d3692677c8c30fc/detection

fbfurnace6.com
/shaz1
/shaz2
/shaz3
/shaz4
/shaz5
/shaz6
/shaz7
/shaz8
/shaz9
/shaz10
/shaz11
/shaz12
/shaz13
/shaz14
/shaz15
/shaz16
/shaz17
/shaz18
/shaz19

# Reference: https://twitter.com/p5yb34m/status/1355215745043496960

0699abstract6.com
69toward3.com
6c1maple8.com
c1left4.com

# Reference: https://twitter.com/p5yb34m/status/1355217471951671300

10afmercy4.com
8170ozone6.com
d36f2offer1.com
degift5.com
/xmpj1
/xmpj2
/xmpj3
/xmpj4
/xmpj5
/xmpj6
/xmpj7
/xmpj8
/xmpj9
/xmpj10
/xmpj11
/xmpj12
/xmpj13
/xmpj14
/xmpj15
/xmpj16
/xmpj17
/xmpj18
/xmpj19

# Reference: https://twitter.com/JAMESWT_MHT/status/1354735128052961281
# Reference: https://app.any.run/tasks/237ab732-b964-4748-8d79-622e1f277d4e/

condizioni.net
contenente.net
dettagl.net
fruizione.com
interessati.net
modalita.net
staterio.com
tipologie.net
tomproc.com

# Reference: https://twitter.com/p5yb34m/status/1356358716212187138
# Reference: https://twitter.com/gorimpthon/status/1356521133328068610
# Reference: https://twitter.com/ffforward/status/1356587120433987585
# Reference: https://app.any.run/tasks/6b72c1f0-2525-4f1f-957f-bb40c586991a/
# Reference: https://pastebin.com/raw/MGciRE3e

3phone5.com
41c1visa6.com
8bench2.com
fbfurnace6.com
/svlah1
/svlah2
/svlah3
/svlah4
/svlah5
/svlah6
/svlah7
/svlah8
/svlah9
/svlah10
/svlah11
/svlah12
/svlah13
/svlah14
/svlah15
/svlah16
/svlah17
/svlah18
/svlah19

# Reference: https://twitter.com/p5yb34m/status/1357400805909745664
# Reference: https://pastebin.com/raw/EfPL3asX

14e1position5.com
dmovie3.com
jelly-abbott2012.com
woodward2007-gardening.com
/lyry1
/lyry2
/lyry3
/lyry4
/lyry5
/lyry6
/lyry7
/lyry8
/lyry9
/lyry10
/lyry11
/lyry12
/lyry13
/lyry14
/lyry15
/lyry16
/lyry17
/lyry18
/lyry19

# Reference: https://twitter.com/reecdeep/status/1357683203096608770
# Reference: https://www.virustotal.com/gui/ip-address/45.133.216.103/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.203.192.117/relations
# Reference: https://www.virustotal.com/gui/file/8162e0799dc6887d63119af7836399684041e981d8e1cc48d0bf852dc785d8ce/detection
# Reference: https://www.virustotal.com/gui/file/8b62f033d2b02f57f250fcd8f7caf1275066c14b72122d6607264c8313ff5d74/detection

srirdelehssfaojr.com
topitophug.xyz
uidacrtsppxece.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1358673279981154304
# Reference: https://app.any.run/tasks/c228bf71-5682-4e4f-a41a-55802bc01712/
# Reference: https://bazaar.abuse.ch/sample/bad7c7a4553a600deef25fe5e29b22fcba05d32f9155352d12f8438080b07fa9/

atomproc.com
gstator.com
statblogger.com
statilion.com
statswindows.com
storiesstat.com

# Reference: https://twitter.com/ffforward/status/1359104603166507008
# Reference: https://app.any.run/tasks/57bb1b69-245d-453b-b4db-f7a6b7ad91dc/
# Reference: https://www.virustotal.com/gui/file/b2701be6d7b593433a48955c5613953470e2c807a87fa18eb33334da66dd41b0/detection

pronpepsipirpyamvioerd.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1359397819933741057
# Reference: https://tria.ge/210210-1m263rm71e
# Reference: https://www.virustotal.com/gui/file/8df914f790a6e5eb07042cce36ea9a23e23cdc1610d930f306f9ef55b6d8a2c5/detection

nerowins.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1359445782441717761
# Reference: https://twitter.com/VirITeXplorer/status/1359462328115355649
# Reference: https://urlhaus.abuse.ch/browse/tag/MISE/

elettrico.casa
elettrico.cyou
elletriciti.casa
megastats.bar
megawatt.bar
megawatt.casa
statswatt.bar
statswatt.casa
wattstats.cyou

# Reference: https://twitter.com/reecdeep/status/1361612009553465344

consuitlng.com
haloopolikosul.xyz
trapolikoliosilios.xyz

# Reference: https://www.virustotal.com/gui/file/f9ca14f56fc649614b7026f07702e75ab298580898504f29ccb01379a9809326/detection

l3my8r6skoldp.com

# Reference: https://twitter.com/reecdeep/status/1364544352601702402
# Reference: https://twitter.com/JAMESWT_MHT/status/1364575512732049410
# Reference: https://app.any.run/tasks/48e9e348-d0b1-4b34-b605-332299287b0a/

gostatist.com
statsarts.com
statsdev.com
statsic.com
statsper.com
statssale.com
statssales.com
statssen.com
statsstate.com

# Reference: https://twitter.com/malware_traffic/status/1364999361902469127

2005-sampson-property.com
present-anthony2006.com
race-crypto-2021.com
rush2013-logistics.com

# Reference: https://otx.alienvault.com/pulse/603b86f4a33f5a49b456e2a6

ok121.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1366623838914682881
# Reference: https://twitter.com/JAMESWT_MHT/status/1366641348007387137
# Reference: https://twitter.com/JAMESWT_MHT/status/1366662035954688005
# Reference: https://twitter.com/JAMESWT_MHT/status/1366678311276052481
# Reference: https://twitter.com/JAMESWT_MHT/status/1366731752719409152
# Reference: https://tria.ge/210302-wefk84rj7a

stasecrets.com
statereo.bar
staticonline.bar
statillion.bar
statsres.com
statssound.com
statsspot.com
statsvilla.com
stattilion.bar
statting.bar

# Reference: https://twitter.com/malwareforme/status/1366581891458039809
# Reference: https://www.virustotal.com/gui/file/3a85dcb49ed0c0bae65daaa8dd85411d77fc136028d83797166cb80aed740eb9/detection

joomlaparamaoun.xyz
zalupilosi.xyz

# Reference: https://twitter.com/reecdeep/status/1366702844280266752

pagrlbaf24.com
drazbargura.xyz
farbrilloskio.xyz
ganmanaksplo.xyz
geopradios.xyz
kraulerrrblast.xyz

# Reference: https://twitter.com/ffforward/status/1367751176834457605
# Reference: https://twitter.com/JAMESWT_MHT/status/1367758238402424834
# Reference: https://twitter.com/JAMESWT_MHT/status/1367842482508161025
# Reference: https://tria.ge/210305-a8j2yqp2cx

interstat.co
interstats.bar
linerstat.bar
linerstat.co
onlinerstats.bar
onlinerstats.co
staterios.com

# Reference: https://www.virustotal.com/gui/file/acb3f74515d48309852db8718fd79c8f3f898a374668432cb022b6040bf1395f/detection

worauctapy.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369036966981951501
# Reference: https://www.virustotal.com/gui/file/cecc7c45b526be846e68a05775a05ec1809342b0dc225fd4335ae252e07cd200/detection

drazbargura.xyz
kraulerrrblast.xyz

# Reference: https://twitter.com/p5yb34m/status/1369348431261601794
# Reference: https://twitter.com/malware_traffic/status/1369398918371540992
# Reference: https://app.any.run/tasks/1d606ea9-378a-4e80-9377-bd0b8cb97918/

debate-reilly2001.com
gillespieindex.com
hannatrain.com
random-fund-2007.com
very-lam2018.com
wagnerdonate.com

# Reference: https://twitter.com/reecdeep/status/1370306350333444096
# Reference: https://twitter.com/JAMESWT_MHT/status/1370323101637087232
# Reference: https://tria.ge/210312-vj7wbkl2za

chen2004-delivery.com
drakluskolikooo.xyz
fraloopilo.xyz
kraufaundingf.xyz
paladingrazz.xyz
prilukisoft.xyz

# Reference: https://twitter.com/malware_traffic/status/1370429112809046019

http://45.90.58.37

# Reference: https://twitter.com/JAMESWT_MHT/status/1371351330850226178
# Reference: https://app.any.run/tasks/bfdd8b8c-3a2f-4b1d-aa2b-32ba7e12f330/

distanstat.com
linestata.bar
linestata.casa
onlinestatis.bar
onlinestatis.casa
statisonline.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1371676655874359296
# Reference: https://twitter.com/JAMESWT_MHT/status/1371776538224508928

comunicaz.bar
comunicaz.casa
obbligo.bar
obbligo.casa
periodiche.casa
statalines.bar
statslink.casa
trimestre.casa

# Reference: https://twitter.com/luc4m/status/1371728706960568321
# Reference: https://www.virustotal.com/gui/file/a9a0db068a2ed9c7b9b3cdbe7f3c1c82a6f9d2c1c7d4b820820927da004b6cbf/detection

interstatos.com
statillioni.com

# Reference: https://twitter.com/reecdeep/status/1371761925294526466

corporatlon.com
dasjhdjkrbewkjfbsjkfd.website
uhjkerlbjfgsgdjfkahdjlsad.live

# Reference: https://app.any.run/tasks/67738062-9d86-4173-ba81-c3f9c456b5ee/
# Reference: https://www.virustotal.com/gui/ip-address/193.203.203.17/relations

larsennoble.com
leslot14sas.com

# Reference: https://twitter.com/reecdeep/status/1372124829567090711

greenwoodgrace.website
prosper-tv-2015.com

# Reference: https://twitter.com/GaborSzappanos/status/1372203326847258633
# Reference: https://www.virustotal.com/gui/file/0c39c6f9851a8ac1054e4580ddfbc2415ad5bbffc65f2d800500ce0ff6637c38/detection

calledoscope.xyz
valentinoproject.xyz

# Reference: https://twitter.com/malware_traffic/status/1372318861094182913
# Reference: https://www.malware-traffic-analysis.net/2021/03/17/index.html
# Reference: https://app.any.run/tasks/c1ff9879-6c6a-4a5e-8e76-d86a3224b9a7/

http://107.172.89.197
185.82.218.53:443
2018-cordova-management.com
action-cole2007.com
prosper-tv-2015.com
tagsr-trewbtc-12020.com
tag-btc-2020.com
greenwoodgrace.website

# Reference: https://twitter.com/reecdeep/status/1374295280309444610

purse-burns2020.com

# Reference: https://twitter.com/reecdeep/status/1375385369462575106

brown-craft-2018.com

# Reference: https://twitter.com/nao_sec/status/1375465237902553090
# Reference: https://app.any.run/tasks/4b4870d4-4290-4b65-9287-9e2e77db9f52/

http://188.227.107.156

# Reference: https://twitter.com/reecdeep/status/1374662543147417604

2012-henry-btc.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1374354229939343360

purse-burns2020.com
shock-cordova2005.com
trujillojunk.com

# Reference: https://www.virustotal.com/gui/ip-address/91.194.11.10/relations
# Reference: https://www.virustotal.com/gui/file/3408e1bdbebfb4c7c6211d633d9d7d72db8f5b0cbd4235a5e402310ad56a2c28/detection
# Reference: https://www.virustotal.com/gui/file/bf25d86fbd0b91927f9ef70dda7819f8e38a8f20dc0689fdd28564575be263a3/detection

2015-parsons-tv.com
duartecactus.com

# Reference: https://twitter.com/reecdeep/status/1374320424989908997

project-cargo-1999.com

# Reference: https://twitter.com/_CPResearch_/status/1375115498598322179
# Reference: https://www.virustotal.com/gui/file/afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984/detection

gotoregt.space
vtdiafox.cyou

# Reference: https://twitter.com/reecdeep/status/1376787889716072448

interwind.co
telewind.co

# Reference: https://twitter.com/reecdeep/status/1376815789089640452
# Reference: https://twitter.com/reecdeep/status/1376818388668932097

pagribaf24.com
bralookilos.website
dresdengrauwes.website
grooverbootret.website
hooligrauver.website
palominoloopus.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1376881535635324933

fisconline.casa
periodiche.bar
trimestre.bar

# Reference: https://www.virustotal.com/gui/ip-address/193.203.203.16/relations

arnolddraft.com
coronabag123qq.com
frederickunhappy.com
pioneer-storage-2004.com
prison-audit-2017.com
vazquez2015-pipes.com

# Reference: https://twitter.com/D3LabIT/status/1377604017828794372
# Reference: https://www.virustotal.com/gui/ip-address/45.133.216.113/relations

legend-mortgage-2016.com

# Reference: https://twitter.com/reecdeep/status/1377618315804348431

kitten-weiss2020.com
coolorenuloke.xyz
foolorenuloke.xyz

# Reference: https://app.any.run/tasks/4470dceb-dde5-45a3-b3b5-21474313b787/

autoforums.eu
autoslives.com
liquidaz.casa

# Reference: https://twitter.com/JAMESWT_MHT/status/1379339978526883840

laura9630fr.com
mills-skyla30ec.com
under17.com
urs-world.com
velma-harber30ku.com

# Reference: https://twitter.com/reecdeep/status/1379723890398785537

ricerco.org
aurenoluneer.xyz
durenoluneer.xyz
surenoluneer.xyz
turenoluneer.xyz
wurenoluneer.xyz

# Reference: https://twitter.com/VirITeXplorer/status/1380470816291315712
# Reference: https://twitter.com/reecdeep/status/1380486761688793088
# Reference: https://twitter.com/reecdeep/status/1380490358895874052
# Reference: https://app.any.run/tasks/110d4cee-d931-4253-9cdd-de6021baed10/
# Reference: https://www.virustotal.com/gui/ip-address/31.41.44.108/relations
# Reference: https://www.virustotal.com/gui/file/35375028a2cc4876b5a8476876ad75a037b8c4e303589ce6e9d9c61aaba9f74c/detection

bigidati.com
blogerslines.com
blogerslives.com
blogspoints.com
blogspoints.ru
databigs.bar
filmspoints.com
institto.casa
institutocialo.casa
limitedstats.com
linesblogers.bar
linesblogers.casa
livesblogers.bar
stasecrets.com
staterios.com
statillioni.com

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html (# Win.Trojan.Ursnif-9848875-1)

bestknifecollection.ru
blooomingvines.com
krovnjonsao19923.com
parettoo.info
sandrino.info
sharedotanyliceservice.com

# Reference: https://www.virustotal.com/gui/file/711b2b8b696027355cae88fcaf5a13e6c0303185a991ceea03b10782a51328d0/detection

damp-rentals-2011.com

# Reference: https://twitter.com/malware_traffic/status/1381986525999685638

http://185.186.245.24
185.186.245.24:443

# Reference: https://www.malware-traffic-analysis.net/2021/04/16/index.html
# Reference: https://tria.ge/210417-pjd2yd5eh2

http://185.186.245.181
http://185.186.245.184
http://185.186.245.91
2017-flowers-btc.com
collins2018-services.com
garment-crypto-2008.com
lloydtomorrow.com
shallow-collier2011.com
stewartwise.com
sort-maynard2001.com
trim-storage-2015.com
gaseluner.xyz
haseluner.xyz
paseluner.xyz
raseluner.xyz
saseluner.xyz
/malu1?
/malu2?
/malu3?
/malu4?
/malu5?
/malu6?
/malu7?
/malu8?
/malu9?
/malu10?
/malu11?
/malu12?
/malu13?
/malu14?
/malu15?
/malu16?
/malu17?
/malu18?
/malu19?

# Reference: https://twitter.com/neonprimetime/status/1382743458494902274

boehm-kavon15lc.ru.com
rosenbaum-milan15y.ru.com
xn--72c0bbr3dtble.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1384147802926632967
# Reference: https://tria.ge/210419-yhhbkwkxk2

imeetic.co
enfomeetic.co
tosociale.casa
uffciale.casa
ufficile.casa

# Reference: https://twitter.com/reecdeep/status/1384433101707882501

noogoorepu.us
0toogoorepu.us
voicols.com

# Reference: https://twitter.com/f3d__/status/1384498025108701189

x-energy.com/components/com_finder/img32.rar
x-energy.com/components/com_finder/img64.rar
/components/com_finder/img32.rar
/components/com_finder/img64.rar

# Reference: https://twitter.com/malware_traffic/status/1384527074485014534
# Reference: https://app.any.run/tasks/05abf4b6-2f7b-4646-aa14-d30ebfc489ff/

2006-ray-craft.com

# Reference: https://twitter.com/reecdeep/status/1384796483992555523

http://193.239.84.194
http://193.239.84.240
193.239.84.194:443
193.239.84.240:443
aorulenuke.us
dorulenuke.us
forulenuke.us
horulenuke.us
vorulenuke.us
involve-logistics-2000.com

# Reference: https://twitter.com/ffforward/status/1385171657430642690
# Reference: https://tria.ge/210422-hyjxeag8ss/behavioral1

2020-waller-property.com

# Reference: https://twitter.com/stoerchl/status/1385163817705947143
# Reference: https://twitter.com/stoerchl/status/1385163818943254530

2000-owens-savings.com
2003-keller-logistics.com
2003-mccullough-rentals.com
2021-shields-foods.com
cattle-crypto-2005.com
cricket-audit-2003.com
haley2019-gas.com
involve-logistics-2000.com
maxwell2009-fund.com
maynard2007-retail.com
montoya1999-taxi.com
oyster-mann2021.com
power-estate-2015.com
stanton2017-boring.com
transfer-gas-2008.com

# Reference: https://twitter.com/malware_traffic/status/1385241028924518410

wilkinssoul.com
/xuxid1?
/xuxid2?
/xuxid3?
/xuxid4?
/xuxid5?
/xuxid6?
/xuxid7?
/xuxid8?
/xuxid9?
/xuxid10?
/xuxid11?
/xuxid12?
/xuxid13?
/xuxid14?
/xuxid15?
/xuxid16?
/xuxid17?
/xuxid18?
/xuxid19?

# Reference: https://www.virustotal.com/gui/file/7833f76ed77ad166a3ff35e04a2a20c27c321709fed297ebe1f782b34ae1ae7d/detection
# Reference: https://www.joesandbox.com/analysis/395799?idtype=analysisid#iocs

thetopdomain.xyz

# Reference: https://twitter.com/luigi_martire94/status/1386633878652194824

linerstats.com
onlinesgate.com

# Reference: https://twitter.com/reecdeep/status/1386967595400695808
# Reference: https://tria.ge/210427-x88mk8nt4e

http://185.49.68.137
http://185.49.68.139
http://185.49.68.140
185.49.68.137:443
185.49.68.139:443
185.49.68.140:443
doperunol.club
eoperunol.club
foperunol.club
joperunol.club
woperunol.club

# Reference: https://twitter.com/stoerchl/status/1386970516578344964

2010-george-boring.com
alone-pham2010.com
eight-collier2005.com
essence-nunez1998.com
morton2021-property.com
newton2008-mortgage.com
subject-clayton2017.com
tip-stone2013.com

# Reference: https://twitter.com/reecdeep/status/1387347718553616386

goose-gaines2011.com

# Reference: https://twitter.com/Bropezka/status/1387456365069672450
# Reference: https://www.virustotal.com/gui/file/29ce41c15e604010984c1551f7b9642bf6e40de63e3016542a81360533ce8fcc/detection

silugerude.xyz
vilugerude.xyz

# Reference: https://www.virustotal.com/gui/file/362f845b0e8918f4789d665faea168a63bd77e7fdce644ab8c1bc4f8a0355d40/detection

185.186.245.191:443

# Reference: https://www.malware-traffic-analysis.net/2021/04/28/index.html

91.132.139.139:9955
gaze-baker2019.com
/laka1?
/laka2?
/laka3?
/laka4?
/laka5?
/laka6?
/laka7?
/laka8?
/laka9?
/laka10?
/laka11?
/laka12?
/laka13?
/laka14?
/laka15?
/laka16?
/laka17?
/laka18?
/laka19?

# Reference: https://malware-traffic-analysis.net/2021/04/29/index.html

tooldunlap.com
/vur1?cid=
/vur2?cid=
/vur3?cid=
/vur4?cid=
/vur5?cid=
/vur6?cid=
/vur7?cid=
/vur8?cid=
/vur9?cid=
/vur10?cid=
/vur11?cid=
/vur12?cid=
/vur13?cid=
/vur14?cid=
/vur15?cid=
/vur16?cid=
/vur17?cid=
/vur18?cid=
/vur19?cid=

# Reference: https://twitter.com/stoerchl/status/1388052650499903488

clogphan.com
ivorytaxi2004.com
mckenzienation.com
netoutsourcing2007.com
raycrypto1.com

# Reference: https://twitter.com/malware_traffic/status/1388294529258860544
# Reference: https://twitter.com/ShadowChasing1/status/1388155936426979331
# Reference: https://twitter.com/ffforward/status/1388168560808271885
# Reference: https://tria.ge/210430-96rngyf85a/behavioral1

ayalaemptya.com
cortestootha.com
hesterhumora.com
photomeadowsa.com
/law1?
/law2?
/law3?
/law4?
/law5?
/law6?
/law7?
/law8?
/law9?
/law10?
/law11?
/law12?
/law13?
/law14?
/law15?
/law16?
/law17?
/law18?
/law19?

# Reference: https://twitter.com/stoerchl/status/1389501332323807233

burnsrentalsa.com
cardvanga.com
colontaxia.com
dejesusmarketa.com
garciatva.com
gatherdavilaa.com
leafingrama.com
purposerentals2001a.com
shufflepugha.com
spinbtc2010a.com

# Reference: https://twitter.com/reecdeep/status/1389502200787963905

lnbiz.net
dorelunonu.us
morelunonu.us
sorelunonu.us
torelunonu.us

# Reference: https://www.virustotal.com/gui/ip-address/80.92.204.40/relations

leafingrama.com
popularretail2015a.com
silverbucka.com

# Reference: https://twitter.com/stoerchl/status/1390231118989959170

daughtershieldsa.com
foamsantosa.com
harperglobea.com
hendersoncryptoa.com
hopkinsstocka.com
shopcooka1a-tw1e.com
silverbucka.com
tradehowarda.com
vancepipesa.com
womanedwardsa.com

# Reference: https://twitter.com/stoerchl/status/1390585935746711560

chandlerwidea.com
cuberentals2017a.com
essencedudleya.com
mandatewilsona.com
marblevargasa.com
pilotcleaning2007a.com
sciencebridgesa.com
whitebtca.com

# Reference: https://twitter.com/stoerchl/status/1391645354236563460
# Reference: https://www.virustotal.com/gui/ip-address/45.142.215.173/relations

buchananfundz.com
dressmarket1998z.com
ethicsenriquezz.com
linlogisticsz.com
lumysteryz.com
polecargo2015z.com
roachfoodsz.com
shellbartona.com
silvaicoz.com

# Reference: https://github.com/hpthreatresearch/iocs/blob/main/TA551/domains.txt

109cfoam2.com
11swear8.com
15peace6.com
1998-hale-gas.com
1998-hess-btc.com
1c50tired3.com
1d1steel4.com
2000-duncan-stock.com
2000-mclaughlin-rentals.com
2003-ortega-coin.com
2009-wolf-pipes.com
2012-harding-btc.com
2012-pearson-property.com
2014-howe-rentals.com
2019-hoover-gardening.com
2019-mcconnell-crypto.com
2020-hamilton-delivery.com
2020-santiago-pipes.com
2021-mcclure-rentals.com
2021-shields-foods.com
298season8.com
2fish1.com
3crouch1.com
3ladder2.com
44engine2.com
4cunable2.com
4dsilent3.com
51dgadget2.com
54cquality1.com
5matrix7.com
662ekeep6.com
695c0lock1.com
69market2.com
8170ozone6.com
84b7echief4.com
8aasun1.com
8dsuspect8.com
8olive3.com
98magnet3.com
a8stand4.com
ad7slender3.com
adams2020-cargo.com
again-becker2015.com
already-baldwin1999.com
aresist6.com
audit-logistics-2020.com
australis925.com
b0ainvite8.com
b0db3dice4.com
bacon-melendez2021.com
berger2016-taxi.com
better-transport-2008.com
bfa62ostrich1.com
bguitar6.com
board-good2005.com
boost-reese2015.com
bowen2017-cargo.com
c1then3.com
cattle-spears2020.com
changfix.com
chung2018-transport.com
cloth-foster2016.com
cross2014-gas.com
cstsodor5.com
custom-assets-2011.com
d95enact4.com
da6mystery1.com
digivape3.com
digivape6.com
dvqsvcover7.com
e48cereal4.com
ecreopen2.com
essay-stock-2011.com
f35car2.com
family-harvey2015.com
fd87cup5.com
ffavorite4.com
fixdisorder5.com
garrettgenius.com
glmuomaze4.com
global443.com
guzman2008-gas.com
hand-mcintosh2012.com
harris2021-realty.com
hcdslush4.com
hphmvicious4.com
huang2013-post.com
ipretty7.com
jerosion6.com
keith2004-mortgage.com
kewwash6.com
kprtoy8.com
lara2021-management.com
laticalmost6.com
lend-hammond2012.com
lexecute8.com
lleft5.com
lomdfwish7.com
lumber-household-2016.com
mcyzncouch7.com
michael2020-estate.com
move-outsourcing-2021.com
mrlhsattitude3.com
neglect-retail-2007.com
nmdinner5.com
nzbeight3.com
ocorgan1.com
ohujskill3.com
olympic-horn2018.com
oven-property-1998.com
palmer2012-taxi.com
powder-cabrera2019.com
produce-ahmed2016.com
purse-realty-2007.com
qkdwink1.com
rosas1999-property.com
shepard2018-transport.com
similar-mccann1999.com
skill-assets-2012.com
smpnwoman2.com
surface-management-2008.com
tapia2005-estate.com
turner2006-services.com
ufatigue4.com
unouter7.com
walnut-briggs2019.com
weekend-gas-2020.com
yaload4.com
zslot8.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-05-10-IOCs-for-TA551-pushing-IcedID.txt

policearellanoz.com
/zuz1?time=s
/zuz2?time=s
/zuz3?time=s
/zuz4?time=s
/zuz5?time=s
/zuz6?time=s
/zuz7?time=s
/zuz8?time=s
/zuz9?time=s
/zuz10?time=s
/zuz11?time=s
/zuz12?time=s
/zuz13?time=s
/zuz14?time=s
/zuz15?time=s
/zuz16?time=s
/zuz17?time=s
/zuz18?time=s
/zuz19?time=s

# Reference: https://twitter.com/reecdeep/status/1392039430538637313

fyntiki.com
horunekulo.website
worunekulo.club

# Reference: https://twitter.com/stoerchl/status/1392035079711608833

cardenasoutsourcingz.com
cementaudit2015z.com
cunninghamretailz.com
mitchellcleaningz.com
policearellanoz.com
problemhowardz.com
reevesawesomez.com
wetboydz.com

# Reference: https://www.virustotal.com/gui/ip-address/188.119.112.229/relations

westfoods2003a.com

# Reference: https://twitter.com/stoerchl/status/1392759780675104771

acevedobasez.com
alwaysguerreroz.com
calderonaccessz.com
carrilloestatez.com
coststorage1998z.com
duffyservicesz.com
noticelynnz.com
squaremurphyz.com

# Reference: https://twitter.com/stoerchl/status/1393125493147373568

cargobradshawz.com
douglastransportz.com
escobarestatez.com
fluidhebertz.com
starkthoughtz.com
trimretail2008z.com
vasquezextraz.com
wongsugarz.com

# Reference: https://twitter.com/_jnzer0/status/1393134068091457538
# Reference: https://www.virustotal.com/gui/file/0f0cfab0853a78a0f2ba7f978386b0545a1e04c38a6ff279534299ebbfffd2d7/detection

billionady.com
defone.click
folion.xyz
maintorna.com
docs.teamkingrealestate.com
app3.maintorna.com
chat.billionady.com
app5.folion.xyz
wer.defone.click

# Reference: https://twitter.com/malware_traffic/status/1393255610611904515
# Reference: https://www.malware-traffic-analysis.net/2021/05/14/index.html

buboleinov.com
faroin.at
app.buboleinov.com
docs.atu.ngr.mybluehost.me
todo.faroin.at

# Reference: https://twitter.com/r3dbU7z/status/1395451376927485955

http://5.61.41.185
pumolenory.xyz
rumolenory.xyz

# Reference: https://twitter.com/ffforward/status/1395673887984205826
# Reference: https://tria.ge/210520-hbffe7nfwj

veminiare.com
chat.veminiare.com

# Reference: http://tracker.viriback.com/dump.php (# Ursnif)

bestpractive.cloud
bologuron3.club
dariuspaloonosil.xyz
faloolsldodl.xyz
futurenewapp.uno
gelagoollenneee.monster
iunsyntoqprabhosao.net
mooruuukoo.com
proloader.xyz
reconders.top
testtralala.xyz
vlasdmkdmewnfjfnd.xyz

# Reference: https://tria.ge/210525-578q7k73ej

robonight.xyz

# Reference: https://twitter.com/reecdeep/status/1399286609837707265

consultatyon.com
cloudinoren.club
goudinoden.club
poudinoden.club
roudinoden.club
woudinoden.club

# Reference: https://twitter.com/fr0s7_/status/1399465072292937748
# Reference: https://www.virustotal.com/gui/file/c0be2b35778de9b2feb0740482b838b4b774e6870cf12f18799624b54cdf97f0/detection

feronok.com
megoseri.com
pablowilliano.at
authd.feronok.com
raw.pablowilliano.at

# Reference: https://www.malware-traffic-analysis.net/2021/06/02/index.html

coursemcclurez.com
cryfund2015z.com
ramseyquantumz.com
ribswansonz.com
sisteraudit2019z.com
turngas2008z.com
/sose1?
/sose2?
/sose3?
/sose4?
/sose5?
/sose6?
/sose7?
/sose8?
/sose9?
/sose10?
/sose11?
/sose12?
/sose13?
/sose14?
/sose15?
/sose16?
/sose17?
/sose18?
/sose19?

# Reference: https://gist.github.com/myrtus0x0/12b088ab863c5ffc56d84e76712c5f3b
# Reference: https://www.virustotal.com/gui/ip-address/45.142.215.229/relations
# Reference: https://www.virustotal.com/gui/file/b4f8da4dadd6a3f18b98cd39b3d6202d0afcc46db01fbcf792daf0cd36dbd85c/detection
# Reference: https://www.virustotal.com/gui/file/af23d4b7238e7c34710202627722c7d2bb02645380f13066b16d6d8352545e35/detection
# Reference: https://www.virustotal.com/gui/file/d2bc8d2ed345e62138546ba148598641bbf2fe93e9749dad262bf4dcb9117305/detection
# Reference: https://www.virustotal.com/gui/file/81b3ef4c1b47b1f4376b5e887c2c0ff26443cb7204a92d4e815ce1bd88d4e2b5/detection

breezebishopd.com
frogretail2016b.com
hansenchoiceg.com

# Reference: https://gist.github.com/myrtus0x0/e8b191faa086c9b05e3978c3836fca51
# Reference: https://www.virustotal.com/gui/ip-address/193.203.202.108/relations
# Reference: https://www.virustotal.com/gui/file/b5f54359c7ea11c5cece6fb2420b392ed8b7f84e2351e31fe687fa7c03ded5d6/detection
# Reference: https://www.virustotal.com/gui/file/5f035283ef433b5a12b51c7f3157ce9a720df74b192080b465db277341bfed4d/detection
# Reference: https://www.virustotal.com/gui/file/c57f1c661a21b7d160633f48c45a5a3eb9272762f9e88996a488a3d6362928f4/detection

alwaysmarket2015b.com
filmcostad.com
/dog1?ref=
/dog2?ref=
/dog3?ref=
/dog4?ref=
/dog5?ref=
/dog6?ref=
/dog7?ref=
/dog8?ref=
/dog9?ref=
/dog10?ref=
/dog11?ref=
/dog12?ref=
/dog13?ref=
/dog14?ref=
/dog15?ref=
/dog16?ref=
/dog17?ref=
/dog18?ref=
/dog19?ref=

# Reference: https://gist.github.com/myrtus0x0/d860787abe5580600835182a70f50412
# Reference: https://www.virustotal.com/gui/ip-address/80.92.206.71/relations

povertyboring2020b.com
someonerentals2012b.com
tentassets2008b.com

# Reference: https://gist.github.com/myrtus0x0/408f68a8df12fbadcf5a9d122de06ce4
# Reference: https://www.virustotal.com/gui/ip-address/185.250.151.120/relations
# Reference: https://www.virustotal.com/gui/file/1c28a560bbe270eb00088b56897b2644805dbbec1458ae818c977e7bc9ac2a4a/detection

lopezcoinz.com
/vowi1?
/vowi2?
/vowi3?
/vowi4?
/vowi5?
/vowi6?
/vowi7?
/vowi8?
/vowi9?
/vowi10?
/vowi11?
/vowi12?
/vowi13?
/vowi14?
/vowi15?
/vowi16?
/vowi17?
/vowi18?
/vowi19?

# Reference: https://twitter.com/ffforward/status/1405525752380940292

bighomegl.at
app.bighomegl.at

# Reference: https://tria.ge/210617-rtp5h1v242/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/194.156.98.249/relations

bestoctoberg.com
camerontrackg.com
knoxtrapg.com
nobleaudits.com
ordinarysantosd.com
/fol1?
/fol2?
/fol3?
/fol4?
/fol5?
/fol6?
/fol7?
/fol8?
/fol9?
/fol10?
/fol11?
/fol12?
/fol13?
/fol14?
/fol15?
/fol16?
/fol17?
/fol18?
/fol19?
/mazu1?
/mazu2?
/mazu3?
/mazu4?
/mazu5?
/mazu6?
/mazu7?
/mazu8?
/mazu9?
/mazu10?
/mazu11?
/mazu12?
/mazu13?
/mazu14?
/mazu15?
/mazu16?
/mazu17?
/mazu18?
/mazu19?
/wyxi1?
/wyxi2?
/wyxi3?
/wyxi4?
/wyxi5?
/wyxi6?
/wyxi7?
/wyxi8?
/wyxi9?
/wyxi10?
/wyxi11?
/wyxi12?
/wyxi13?
/wyxi14?
/wyxi15?
/wyxi16?
/wyxi17?
/wyxi18?
/wyxi19?
/xadar1?
/xadar2?
/xadar3?
/xadar4?
/xadar5?
/xadar6?
/xadar7?
/xadar8?
/xadar9?
/xadar10?
/xadar11?
/xadar12?
/xadar13?
/xadar14?
/xadar15?
/xadar16?
/xadar17?
/xadar18?
/xadar19?

# Reference: https://www.virustotal.com/gui/file/1c434fd7f859e8fdcdcdaa40676cb7ad4a80e1e4728178effc9c8a9c96598c87/detection

badionard.com

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.86/relations

meturongo.com

# Reference: https://www.virustotal.com/gui/file/a9433138419965e4176c051e33fe88c39dd23150a9c5d498b37f572bc974e142/detection

minustorm.com

# Reference: https://www.virustotal.com/gui/ip-address/146.0.72.90/relations

menutiming.com

# Reference: https://www.virustotal.com/gui/file/f0f04920761830d956a52105ff6c6b896f084c453fcf25b6e2c6336ddbb6e5d2/detection

beegtrading.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-06-21-TA551-IOCs-for-Ursnif.txt

albumtv2009b.com
checkbaileyd.com
conwayfilmg.com
farmerdwarfg.com
houstontermg.com
normalharmond.com
/focy1?
/focy2?
/focy3?
/focy4?
/focy5?
/focy6?
/focy7?
/focy8?
/focy9?
/focy10?
/focy11?
/focy12?
/focy13?
/focy14?
/focy15?
/focy16?
/focy17?
/focy18?
/focy19?

# Reference: https://twitter.com/reecdeep/status/1407262328140320769

gerimerunollu.club
herimerunollu.club
jerimerunollu.club
kerimerunollu.club
lerimerunollu.club

# Reference: https://www.virustotal.com/gui/ip-address/45.150.67.139/relations
# Reference: https://www.virustotal.com/gui/file/7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4/detection
# Reference: https://www.virustotal.com/gui/file/31b94c5a94aa8ce7e187360b0dc702b473d1c5d498d4de26f137b272ccbadaed/detection

gogorobest.xyz
risingcopter.xyz

# Reference: https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/
# Reference: https://otx.alienvault.com/pulse/60d584d46294b971bc361a14

awkwardmanagement2013z.com

# Reference: https://twitter.com/reecdeep/status/1409826569984557059

consaltyng.com
dreamfjdjslkdskdn.website
ghjakappoppepeodkd.website
hteadclsspdkmdasd.live

# Reference: https://twitter.com/ScarletSharkSec/status/1409936247406186496
# Reference: https://www.virustotal.com/gui/ip-address/45.153.230.72/relations
# Reference: https://app.any.run/tasks/be037f93-1dc6-4c43-9573-890eb9b5b773/

normalharmond.com
onealcoins.com
pairmayerd.com
powersnerveg.com
printdraked.com
splitcargo2011b.com
welchrescueg.com
/duce1?
/duce2?
/duce3?
/duce4?
/duce5?
/duce6?
/duce7?
/duce8?
/duce9?
/duce10?
/duce11?
/duce12?
/duce13?
/duce14?
/duce15?
/duce16?
/duce17?
/duce18?
/duce19?
/hyh1?
/hyh2?
/hyh3?
/hyh4?
/hyh5?
/hyh6?
/hyh7?
/hyh8?
/hyh9?
/hyh10?
/hyh11?
/hyh12?
/hyh13?
/hyh14?
/hyh15?
/hyh16?
/hyh17?
/hyh18?
/hyh19?
/sep1?
/sep2?
/sep3?
/sep4?
/sep5?
/sep6?
/sep7?
/sep8?
/sep9?
/sep10?
/sep11?
/sep12?
/sep13?
/sep14?
/sep15?
/sep16?
/sep17?
/sep18?
/sep19?

# Reference: https://www.malware-traffic-analysis.net/2021/06/30/index.html

caseytackleg.com
fordlogisticss.com
newmangass.com
testmahoneyd.com
wearevansd.com
/jaki1?
/jaki2?
/jaki3?
/jaki4?
/jaki5?
/jaki6?
/jaki7?
/jaki8?
/jaki9?
/jaki10?
/jaki11?
/jaki12?
/jaki13?
/jaki14?
/jaki15?
/jaki16?
/jaki17?
/jaki18?
/jaki19?

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-06-28-TA551-IOCs-for-Trickbot.txt

championriced.com
curvecraft2003b.com
enliststorage2016b.com

# Reference: https://twitter.com/reecdeep/status/1412326296332472324

auredosite.club
guredosite.shop
ruredosite.shop
vuredosite.club
wuredosite.shop
welcombiz.com

# Reference: https://twitter.com/reecdeep/status/1413401630905614337

biopiof.at
flashgameo.at
intoolkom.at
kargoapp.at
larenot.at
yaronav.at
monotreener.com
navialpo.com
app.flashgameo.at
apr.intoolkom.at
free.monotreener.com
gtk5.yaronav.at
io.feen007.at
kas.kargoapp.at
pop.biopiof.at
sam.larenot.at
v3.navialpo.com
l46t3vgvmtx5wxe6.onion
r23cirt55ysvtdvl.onion

# Reference: https://twitter.com/reecdeep/status/1414873034234679296

http://94.198.40.2
http://94.198.40.22
http://94.198.40.24
bizneswow.com
drawmaster.click
dronmakerparallel.email
masterrrlakuno.com
moonlightparallels.email
parallelsmaster.com
saleconsalt.com

# Reference: https://twitter.com/reecdeep/status/1414878988103790593

http://5.8.71.66
37.120.222.138:9955

# Reference: https://twitter.com/f3d__/status/1415292356056784902

91.132.139.139:9955

# Reference: https://twitter.com/malware_traffic/status/1416148059898138625
# Reference: https://www.virustotal.com/gui/ip-address/45.153.230.154/relations

donaldsonhourg.com
lifeproperty2017b.com
suitweeksd.com

# Reference: https://www.virustotal.com/gui/ip-address/45.153.230.151/relations
# Reference: https://www.virustotal.com/gui/file/cf0de0c3ff0e337e47088e11c0867dda9709eaafa0a1c095c132e9b87722158e/detection
# Reference: https://www.virustotal.com/gui/file/6b94e6319e46f52058d5f0c1bc07d7e367152e3bb769f2fd1af097914fe64ce3/detection

airloweryd.com
andersenrealtys.com
/rymes1?
/rymes2?
/rymes3?
/rymes4?
/rymes5?
/rymes6?
/rymes7?
/rymes8?
/rymes9?
/rymes10?
/rymes11?
/rymes12?
/rymes13?
/rymes14?
/rymes15?
/rymes16?
/rymes17?
/rymes18?
/rymes19?

# Reference: https://twitter.com/James_inthe_box/status/1418253931080163328
# Reference: https://www.virustotal.com/gui/ip-address/80.92.206.119/relations
# Reference: https://app.any.run/tasks/6bb69a5a-c292-4038-a2d5-879cad8a8a11/

saundersremindg.com
vastretail2005b.com
/nete1?
/nete2?
/nete3?
/nete4?
/nete5?
/nete6?
/nete7?
/nete8?
/nete9?
/nete10?
/nete11?
/nete12?
/nete13?
/nete14?
/nete15?
/nete16?
/nete17?
/nete18?
/nete19?

# Reference: https://www.virustotal.com/gui/file/9c49c261ffce3c7e109564c981f9cec0aad4b7abc7bba60d9ea72ca5bb824d14/detection

landryfocusg.com
/heme1?
/heme2?
/heme3?
/heme4?
/heme5?
/heme6?
/heme7?
/heme8?
/heme9?
/heme10?
/heme11?
/heme12?
/heme13?
/heme14?
/heme15?
/heme16?
/heme17?
/heme18?
/heme19?
/qytq1?
/qytq2?
/qytq3?
/qytq4?
/qytq5?
/qytq6?
/qytq7?
/qytq8?
/qytq9?
/qytq10?
/qytq11?
/qytq12?
/qytq13?
/qytq14?
/qytq15?
/qytq16?
/qytq17?
/qytq18?
/qytq19?

# Reference: https://twitter.com/f3d__/status/1404827876814475266

http://185.156.172.67
http://23.227.207.227
erectificateboly.us

# Reference: https://twitter.com/f3d__/status/1384882905785290753

wikide.at

# Reference: https://twitter.com/James_inthe_box/status/1418626127325634562
# Reference: https://twitter.com/Iam4ndr3y/status/1418627131609952259
# Reference: https://www.virustotal.com/gui/ip-address/136.244.99.44/relations
# Reference: https://www.virustotal.com/gui/file/32cd6e462dc064f7cab7a63130016179626f733e5ee8db77dcf8c3806aea191f/detection
# Reference: https://www.virustotal.com/gui/file/d2a52d712a5ae995076ef40fc4e6d15aa706bf4633153ec2e103174b493a13f6/detection

awscloudupdate.com
wwsusupdate.com

# Reference: https://twitter.com/f3d__/status/1419560597008658433

happynewyearpeople.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1419946260266725377
# Reference: https://twitter.com/f3d__/status/1419971237674197004

allianceline.bar
alliancer.bar
alliances.bar
screenline.bar

# Reference: https://twitter.com/stoerchl/status/1419982789001285646

mccluresausageg.com
obeymanagement2016b.com
pauleastg.com
solisgardenings.com
surprisesavings2017b.com
tidepost2019b.com
wagetv2014b.com
weirdfryd.com

# Reference: https://www.virustotal.com/gui/file/7d2a27839855e5e3770eaab7d2fc70c136533823e270ba3b92b52e138ecc356b/detection

branchsuitg.com

# Reference: https://www.virustotal.com/gui/file/8143501d9cfc3537a5854e570031c2f5cfe402f75a66aebdb934bad12a1d1286/detection

beforehebertd.com

# Reference: https://www.virustotal.com/gui/ip-address/80.92.206.183/relations

doseaudit2013b.com
heathcargos.com

# Reference: https://www.virustotal.com/gui/ip-address/45.144.29.27/relations

kitchenstorage1999b.com

# Reference: https://twitter.com/luc4m/status/1420009554755080192

blogerslines.com
blogerslives.com
blogspoints.com
blogspoints.ru
filmspoints.com
linesblogers.bar

# Reference: https://twitter.com/ni_fi_70/status/1064840433539399680

kyllborena.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1420300517796876289

anybiznes.com
daskdjknefjkewfnkjwe.net
inthisplase.com
zaluoa.live

# Reference: https://twitter.com/ps66uk/status/1420875603851497477
# Reference: https://tria.ge/210729-wvpcwx5t4s

antoinfer.com
gtr.antoinfer.com

# Reference: https://tria.ge/210726-awlmhd9jae

http://51.195.37.148
http://79.141.167.174
http://79.141.174.171
rockday7.xyz
saverop9.xyz

# Reference: https://tria.ge/210713-qqkdh5dg2a

uploner.at
yapker.at
gtk.uploner.at
tb.yapker.at

# Reference: https://twitter.com/stoerchl/status/1421018115413008384

bennettsavingss.com
dicksonmuseumg.com
intactoil2001b.com
lewisliftg.com
limblarsond.com
shawgardenings.com
vupipess.com
wilkinstransportss.com

# Reference: https://twitter.com/stoerchl/status/1421194965070323712

brewermeshg.com
novaksavingss.com
thereconnerd.com
zamorapitchg.com

# Reference: https://twitter.com/James_inthe_box/status/1422191753218576392
# Reference: https://app.any.run/tasks/e9dfe8ff-b4a8-4262-8269-f7f2a1d11f29/
# Reference: https://www.virustotal.com/gui/file/a66f69b2c2320fa2bb4b6ab429dd318903db14a56418acc54ecffac8c9592afe/detection

camachovioling.com
/vaq1?
/vaq2?
/vaq3?
/vaq4?
/vaq5?
/vaq6?
/vaq7?
/vaq8?
/vaq9?
/vaq10?
/vaq11?
/vaq12?
/vaq13?
/vaq14?
/vaq15?
/vaq16?
/vaq17?
/vaq18?
/vaq19?

# Reference: https://twitter.com/stoerchl/status/1422526563728433154

adjustoil2020b.com
camachovioling.com
carpetoil2005b.com
jumpwashingtond.com
knightmortgage2r.com
menucraft2004b.com
millscruelg.com
sprayvillad.com

# Reference: https://twitter.com/James_inthe_box/status/1422572684953620481
# Reference: https://app.any.run/tasks/1c5348c3-fabd-4887-ba31-65ea9c5ba282/

millscruelg.com
/xar1?
/xar2?
/xar3?
/xar4?
/xar5?
/xar6?
/xar7?
/xar8?
/xar9?
/xar10?
/xar11?
/xar12?
/xar13?
/xar14?
/xar15?
/xar16?
/xar17?
/xar18?
/xar19?

# Reference: https://twitter.com/stoerchl/status/1423227837054660609

berrytvs.com
despairdelivery2015b.com
elevatorbernald.com
hessroughg.com
medranooveng.com
mercycarrolld.com
pottermanagements.com
volumeoil2015b.com

# Reference: https://threatfox.abuse.ch/browse/tag/TA551/

andersonbtcs.com
beanoil2007b.com
beckgazeg.com
blanchardrealtys.com
clipraymondd.com
copelandmanagements.com
gainoil2004b.com
glareestradad.com
hamiltonrecipeg.com
hortonheavyg.com
hubertrapg.com
lyonshouseholds.com
movekochd.com
nephewboring2013b.com
palacemanagement2012b.com
randallbidg.com
scancargo2010b.com
siblingwileyd.com
sloanavocadog.com
steptransport2017b.com
strugglevincentd.com
wayhensond.com
woodfrancisd.com
woodfringeg.com

# Reference: https://www.virustotal.com/gui/file/ca6d2c89e020068722d1509a6e77ceb3b1b821682018206e2a0e28876f9ed2f6/detection

hotroad.cyou

# Reference: https://twitter.com/stoerchl/status/1423619774916042764

bernardrentalss.com
curtainbeild.com
davilafunds.com
disagreemossd.com
haleassetss.com
keithestates.com
naivenielsend.com
parkerarrangeg.com
stoolstorage2007b.com
wigginsstorages.com

# Reference: https://app.any.run/tasks/86d33d31-6d9e-466a-8597-a07284072afd/

/kygor1?
/kygor2?
/kygor3?
/kygor4?
/kygor5?
/kygor6?
/kygor7?
/kygor8?
/kygor9?
/kygor10?
/kygor11?
/kygor12?
/kygor13?
/kygor14?
/kygor15?
/kygor16?
/kygor17?
/kygor18?
/kygor19?

# Reference: https://www.virustotal.com/gui/file/66bcee752c3f91bd1d40ad87aeec6c1d0e575e0c77c9a68bb252bb28e4ab4b9e/detection

/zed1?
/zed2?
/zed3?
/zed4?
/zed5?
/zed6?
/zed7?
/zed8?
/zed9?
/zed10?
/zed11?
/zed12?
/zed13?
/zed14?
/zed15?
/zed16?
/zed17?
/zed18?
/zed19?

# Reference: https://www.virustotal.com/gui/file/8b4bd29d5005512e1bd631a3a41420ea37045827cbe04a8ce56127aa1db127f7/detection

/xspcd1?
/xspcd2?
/xspcd3?
/xspcd4?
/xspcd5?
/xspcd6?
/xspcd7?
/xspcd8?
/xspcd9?
/xspcd10?
/xspcd11?
/xspcd12?
/xspcd13?
/xspcd14?
/xspcd15?
/xspcd16?
/xspcd17?
/xspcd18?
/xspcd19?

# Reference: https://twitter.com/JAMESWT_MHT/status/1425013371540234264

bizplase.com
formarketings.com
boyuleruner.online
coyuleruner.online

# Reference: https://twitter.com/reecdeep/status/1425012639252504603

http://91.90.121.61
http://91.90.121.62
http://91.90.121.66
7goldenmairs.club
8goldenmairs.club

# Reference: https://twitter.com/reecdeep/status/1437711190361313281

http://193.239.84.209
http://193.239.84.212
http://193.239.84.215
inbiz-cons.com
freeepokiiiskkll.nl
hlooopoppoplpppp.nl
jklooopooooreer.nl
permanentitaly.nl
yoooziioiosiooo.nl

# Reference: https://twitter.com/stoerchl/status/1437751035255209987

changepost2019b.com
clarkerentalss.com
erapost2009b.com
fryeestates.com
gownstevensond.com
marksvelvetg.com
shybauerd.com
toothoil2015b.com

# Reference: https://twitter.com/ASEC_Analysis/status/1437959405874532356

dogcoin2017b.com
howeretails.com
martininnerg.com
villanuevamortgages.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1447512727904309248

areuranel.website
breuranel.website
extrabizs.com

# Reference: https://twitter.com/reecdeep/status/1450021503207153664

http://193.239.85.4
http://193.239.85.56
http://45.9.20.190
193.239.85.4:443
193.239.85.56:443
45.9.20.190:443
consaltbiznes.com
gderrrpololo.net
gpoolol.com
hrappunos.com
peajame.com

# Reference: https://twitter.com/dark0pcodes/status/1456632887403503629
# Reference: https://pastebin.com/8Af7kn8G

http://103.155.92.74
http://134.0.117.195
http://149.248.56.70
http://155.138.155.90
http://176.99.12.113
http://185.156.172.45
http://185.156.172.46
http://185.186.245.232
http://185.186.246.34
http://185.221.202.179
http://193.187.96.107
http://193.239.85.58
http://193.27.14.207
http://193.27.14.209
http://195.123.234.95
http://195.123.240.113
http://199.192.20.142
http://199.192.22.35
http://216.128.183.103
http://216.238.72.137
http://31.148.99.169
http://37.120.206.119
http://37.120.206.70
http://45.130.151.190
http://45.130.151.191
http://45.130.151.195
http://45.130.151.199
http://45.9.20.245
http://45.90.57.19
http://46.21.153.161
http://74.119.192.153
http://74.119.192.163
http://80.209.252.129
http://89.41.26.122
http://89.41.26.85
http://89.44.9.140
http://89.44.9.146
http://89.44.9.160
http://89.45.4.110
http://89.45.4.117
http://93.170.123.138
103.155.92.74:443
134.0.117.195:443
149.248.56.70:443
155.138.155.90:443
176.99.12.113:443
185.156.172.45:443
185.156.172.46:443
185.186.245.232:443
185.186.246.34:443
185.221.202.179:443
193.187.96.107:443
193.239.85.58:443
193.27.14.207:443
193.27.14.209:443
195.123.234.95:443
195.123.240.113:443
199.192.20.142:443
199.192.22.35:443
216.128.183.103:443
216.238.72.137:443
31.148.99.169:443
37.120.206.119:443
37.120.206.70:443
45.130.151.190:443
45.130.151.191:443
45.130.151.195:443
45.130.151.199:443
45.9.20.245:443
45.90.57.19:443
46.21.153.161:443
74.119.192.153:443
74.119.192.163:443
80.209.252.129:443
89.41.26.122:443
89.41.26.85:443
89.44.9.140:443
89.44.9.146:443
89.44.9.160:443
89.45.4.110:443
89.45.4.117:443
93.170.123.138:443

# Reference: https://tria.ge/210924-k5qkvsgdg7

avyanok.com
biopiof.at
dangerboy.at
intoolkom.at
l46t3vgvmtx5wxe6.onion
langoonik.com
microsoftsofymicrosoftsoft.at
r23cirt55ysvtdvl.onion
redhatbabby.at
apr.intoolkom.at
art.microsoftsofymicrosoftsoft.at
fgx.dangerboy.at
fop.langoonik.com
poi.redhatbabby.at
pop.biopiof.at
v10.avyanok.com

# Reference: https://tria.ge/210928-r4kfsaccem

http://193.56.255.249
http://193.56.255.250
http://193.56.255.251
193.56.255.249:443
193.56.255.250:443
193.56.255.251:443
gumolerunosell.online
numolerunosell.online
rumolerunosell.online

# Reference: https://tria.ge/210910-kkeymahgd3

haverit.xyz

# Reference: https://twitter.com/luc4m/status/1450808120813531138

blogerslines.bar
blogerslines.casa
blogerslines.com
blogerslines.ru
blogspoints.bar
blogspoints.casa
blogspoints.com
blogspoints.ru
linesblogers.bar
linesblogers.casa
linesblogers.com
linesblogers.ru

# Reference: https://twitter.com/reecdeep/status/1462733181799571465

http://37.120.206.71
http://37.120.206.72
http://45.9.20.197
37.120.206.71:443
37.120.206.72:443
45.9.20.197:443
avolebukoneh.website
golebukoneh.site
technoshoper.com
trasportinger.com
volebukoneh.site

# Reference: https://twitter.com/reecdeep/status/1462737989826756613

http://185.212.47.33
http://89.44.9.149
185.212.47.33:443
185.212.47.33:9955
89.44.9.149:443

# Reference: https://github.com/hpthreatresearch/iocs/blob/main/TA551/domains.txt

0699abstract6.com
109cfoam2.com
11swear8.com
14e1position5.com
15peace6.com
1998-hale-gas.com
1998-hess-btc.com
1c50tired3.com
1d1steel4.com
2000-duncan-stock.com
2000-mclaughlin-rentals.com
2000-owens-savings.com
2003-keller-logistics.com
2003-mccullough-rentals.com
2003-ortega-coin.com
2005-sampson-property.com
2006-ray-craft.com
2009-wolf-pipes.com
2010-george-boring.com
2012-harding-btc.com
2012-henry-btc.com
2012-pearson-property.com
2014-howe-rentals.com
2015-parsons-tv.com
2017-flowers-btc.com
2018-cordova-management.com
2019-hoover-gardening.com
2019-mcconnell-crypto.com
2020-hamilton-delivery.com
2020-santiago-pipes.com
2020-waller-property.com
2021-mcclure-rentals.com
2021-shields-foods.com
298season8.com
2fish1.com
3crouch1.com
3ladder2.com
3phone5.com
41c1visa6.com
44engine2.com
4buzz8.com
4cunable2.com
4dsilent3.com
51dgadget2.com
54cquality1.com
5matrix7.com
662ekeep6.com
695c0lock1.com
69market2.com
69toward3.com
6c1maple8.com
7ab7lunar7.com
8170ozone6.com
84b7echief4.com
8aasun1.com
8bench2.com
8dsuspect8.com
8olive3.com
9298remember8.com
98magnet3.com
a8stand4.com
acevedobasez.com
action-cole2007.com
ad7slender3.com
adams2020-cargo.com
adjustoil2020b.com
again-becker2015.com
albumtv2009b.com
allisonshyg.com
alone-pham2010.com
already-baldwin1999.com
alreadyhobbsd.com
alwaysguerreroz.com
alwaysmarket2015b.com
andersenrealtys.com
andersonbtcs.com
announceico2018b.com
aresist6.com
audit-logistics-2020.com
australis925.com
avalostaxis.com
awaremanagement1999b.com
awkwardmanagement2013z.com
axiscoin2007b.com
ayerspitchg.com
b0ainvite8.com
b0db3dice4.com
b7edream7.com
bacon-melendez2021.com
barnettdenyg.com
barronlogicg.com
bartonbtcs.com
bartonmercyz.com
beanoil2007b.com
beautypipes2017b.com
beckgazeg.com
beforehebertd.com
beilgardenings.com
believehousehold2020b.com
beltmorgand.com
bennettsavingss.com
berger2016-taxi.com
bernardrentalss.com
berrydeliverys.com
berrytvs.com
bestranchg.com
better-transport-2008.com
bfa62ostrich1.com
bguitar6.com
blanchardcultureg.com
blanchardrealtys.com
board-good2005.com
bondruleg.com
booneaudits.com
boost-reese2015.com
bowen2017-cargo.com
branchsuitg.com
breezebishopd.com
brewermeshg.com
brookscargos.com
broomcarpenterd.com
brown-craft-2018.com
bryanfoodss.com
buchananfundz.com
buckleyestat1es.com
burkeaudits.com
burkeicos.com
burkesphereg.com
burnsbuddyg.com
burnsrentalsa.com
burtoncarbong.com
c1left4.com
c1then3.com
calderonaccessz.com
calderonlogicg.com
camachovioling.com
canalfarod.com
capablesellersd.com
cardenascleanings.com
cardenasoutsourcingz.com
cardvanga.com
cargobradshawz.com
carpenterwonderg.com
carpetoil2005b.com
carrilloestatez.com
carwaded.com
caseytackleg.com
cattle-crypto-2005.com
cattle-spears2020.com
cementaudit2015z.com
cervantesglareg.com
championriced.com
chandlerdustg.com
chandlerwidea.com
changepost2019b.com
changfix.com
chargehalld.com
chaseexciteg.com
chavezuniqueg.com
checkbaileyd.com
checkrosasd.com
chen2004-delivery.com
chung2018-transport.com
clarkerentalss.com
clipraymondd.com
clockcrypto2016z.com
clogphan.com
closemanagement2001b.com
cloth-foster2016.com
coachstorage2020b.com
collins2018-services.com
colontaxia.com
combinefoods2019b.com
conceitorg2.com
connectbentleyd.com
conradmarkets.com
conwayfilmg.com
cookassetss.com
cooksortg.com
copelandmanagements.com
coronabag123qq.com
correcteverettz.com
coststorage1998z.com
coursemcclurez.com
coursereidd.com
cousinrentals2000b.com
craig2020-pipes.com
creekpipes2009b.com
cricket-audit-2003.com
cross2014-gas.com
cryfund2015z.com
cstsodor5.com
cuberentals2017a.com
cunninghamretailz.com
curtainbeild.com
curvecraft2003b.com
custom-assets-2011.com
d36f2offer1.com
da6mystery1.com
damp-rentals-2011.com
danielsaudits.com
daughtershieldsa.com
davilafunds.com
daydinnerg.com
ddizzy7.com
debate-reilly2001.com
dejesusmarketa.com
delgadologisticss.com
despairdelivery2015b.com
dfsgah2refu.com
dickersonlabelg.com
dicksonmuseumg.com
digivape3.com
digivape6.com
disagreemossd.com
dizzyschultzz.com
djexpect6.com
dmovie3.com
dogcoin2017b.com
donaldsonhourg.com
doseaudit2013b.com
douglastransportz.com
drakeauntg.com
drakeluckyg.com
dressmarket1998z.com
dresssteeled.com
drillhousehold2020z.com
drinkcrypto2020b.com
drumzhangd.com
duckmanagement2021b.com
duffyservicesz.com
dunnsecurityg.com
dvqsvcover7.com
dyernoiseg.com
e48cereal4.com
ecologycraft1998b.com
ecreopen2.com
eight-collier2005.com
elevatorbernald.com
ellistriggerg.com
endorseconnerd.com
energypetersond.com
enliststorage2016b.com
enriquezlogisticss.com
entiredelivery2014b.com
erapost2009b.com
erodecraft2005b.com
escobarestatez.com
essay-stock-2011.com
essence-nunez1998.com
essencedudleya.com
ethicsenriquezz.com
evokemccalld.com
exactariasd.com
exposetaxi2011b.com
f35car2.com
fameibarrad.com
family-harvey2015.com
farmerdwarfg.com
faulthickmand.com
fbfurnace6.com
fd4system2.com
fd87cup5.com
ffavorite4.com
filmcostad.com
fischeraudits.com
fixdisorder5.com
flameaudit2016b.com
flamesingletond.com
flipwilkersond.com
floresballg.com
florestaxis.com
flowerbaxterd.com
fluidhebertz.com
foamsantosa.com
fordlogisticss.com
fossilboring2017z.com
foxcargo2016b.com
francopublicg.com
frogretail2016b.com
frownstorage2011z.com
fryeestates.com
gaines2000-property.com
gainesslushg.com
gainoil2004b.com
garage-outsourcing-2001.com
garciatva.com
garment-crypto-2008.com
garrettgenius.com
gatherdavilaa.com
gaze-baker2019.com
gilbertplasticg.com
gilesawakeg.com
gilesservicess.com
giraffemullend.com
glareestradad.com
glasshollowayd.com
glassrouteg.com
glmuomaze4.com
global443.com
glowstorage2001b.com
goldendesigng.com
goose-gaines2011.com
gouldaudits.com
gownstevensond.com
gregorydentistg.com
guzman2008-gas.com
haleassetss.com
haley2019-gas.com
haleymarkets.com
halldignityg.com
hamiltonrecipeg.com
hamiltontrialg.com
hand-mcintosh2012.com
hansenchoiceg.com
harperglobea.com
harringtonsavingss.com
harris2021-realty.com
hartmancarg.com
hcdslush4.com
heathcargos.com
hendersoncryptoa.com
herringpurityg.com
hesshouseholdz.com
hessroughg.com
hickscraftz.com
hollandmovieg.com
holthighg.com
hopkinsstocka.com
hornhartmand.com
hortonheavyg.com
houstontermg.com
howeretails.com
hphmvicious4.com
huang2013-post.com
hubertrapg.com
hudsonborrowg.com
hullmorningg.com
husbandsavings2021b.com
hutchinsonroofg.com
ibarrapipess.com
iconassets2019b.com
ietbean7.com
illnessconnerd.com
imitatebowmand.com
inheritmontesd.com
intactoil2001b.com
involve-logistics-2000.com
ipretty7.com
islandproctord.com
islandwrightd.com
ivorytaxi2004.com
jacksonjoyg.com
jarvisallg.com
jelly-abbott2012.com
jerosion6.com
johnstontransports.com
jsenior6.com
jumpwashingtond.com
keith2004-mortgage.com
keithestates.com
kennedyamountg.com
kerrrippleg.com
kewwash6.com
kitchenstorage1999b.com
kitten-weiss2020.com
knightmortgage2r.com
knoxtrapg.com
kprtoy8.com
ladderadamsd.com
lamboils.com
landryfocusg.com
lara2021-management.com
larsencleanings.com
larsendisorderg.com
laterpost2016b.com
laticalmost6.com
lawrencetvs.com
leafingrama.com
leblanctaxis.com
lecturepersond.com
legend-mortgage-2016.com
leisurehawkinsd.com
lend-hammond2012.com
lewisliftg.com
lexecute8.com
librarycoin2006b.com
lifeproperty2017b.com
limblarsond.com
linlogisticsz.com
listfoods2021b.com
livewallerd.com
livingstongardenings.com
lleft5.com
lockcollinsd.com
lomdfwish7.com
lopezcoinz.com
loudgas2016b.com
lozanodenialz.com
lumber-household-2016.com
lumysteryz.com
lyonshouseholds.com
macdonaldjaguarg.com
makestantond.com
malonegateg.com
mandatewilsona.com
manningretails.com
mannsilentg.com
marblevargasa.com
marinjourneyg.com
marintokeng.com
marksvelvetg.com
martininnerg.com
masseyeffortg.com
maxwell2009-fund.com
maynard2007-retail.com
maynardchickeng.com
mccluresausageg.com
mckenzienation.com
mcleanbounceg.com
mcyzncouch7.com
measuremanagement2001b.com
medranooveng.com
menucraft2004b.com
mercycarrolld.com
messageico2015b.com
meyercleanings.com
meyersretails.com
michael2020-estate.com
michaelgardenings.com
middletonvoteg.com
millscruelg.com
miraclerentals2007b.com
mitchellcleaningz.com
mixbennettd.com
mixestate2007b.com
mixoil2005b.com
monitorcoin2019b.com
montgomeryretails.com
montoya1999-taxi.com
morton2021-property.com
mortonsentenceg.com
mosesretailz.com
move-outsourcing-2021.com
movekochd.com
mquote4.com
mrlhsattitude3.com
muchmurillod.com
naivenielsend.com
nastywoodwardd.com
naturestantond.com
navarrorentalsz.com
neglect-retail-2007.com
nephewboring2013b.com
netoutsourcing2007.com
newmangass.com
newton2008-mortgage.com
nmdinner5.com
nobleaudits.com
normalharmond.com
noticelynnz.com
novaksavingss.com
novelmckayd.com
nzbeight3.com
obeymanagement2016b.com
ocorgan1.com
offerkleind.com
officecleaning2018b.com
ohujskill3.com
olympic-horn2018.com
onealcoins.com
onlineshepardd.com
operarentals2006b.com
ordinarysantosd.com
oven-property-1998.com
oyster-mann2021.com
ozoneproperty2016b.com
pactrichardsz.com
padillatalkg.com
pairmayerd.com
palacemanagement2012b.com
palmer2012-taxi.com
parkerarrangeg.com
parkfinishg.com
parkstrustg.com
patrolbergerd.com
pauleastg.com
penaltyoutsourcing2012b.com
perfectbernald.com
phelpsdebateg.com
picnicmarket1998z.com
pilotcleaning2007a.com
pinedacryptos.com
pioneer-storage-2004.com
pittmandeliverg.com
placeoil1999b.com
polecargo2015z.com
policearellanoz.com
poncecrushz.com
poolgloverd.com
pottermanagements.com
povertyboring2020b.com
povertymanagement2018b.com
powder-cabrera2019.com
power-estate-2015.com
powersnerveg.com
praisegravesd.com
prattposts.com
present-anthony2006.com
presenthollandd.com
prison-audit-2017.com
problemhowardz.com
produce-ahmed2016.com
project-cargo-1999.com
prosper-tv-2015.com
pullcervantesd.com
pulpfarmerd.com
punchtrujillod.com
purposerentals2001a.com
purse-burns2020.com
purse-realty-2007.com
qkdwink1.com
quitfitzgeraldd.com
race-crypto-2021.com
ramoscaptaing.com
ramseyquantumz.com
randallbidg.com
random-fund-2007.com
ravenduranz.com
rawstock2020z.com
raycrypto1.com
reducesalasd.com
reedleaveg.com
reevesawesomez.com
regretmanagement2016b.com
regularcallahand.com
remainweeksd.com
reviewhowed.com
ribswansonz.com
richardsoncoins.com
riosretails.com
roachfoodsz.com
robertsonlayerg.com
rochacatchg.com
romanoils.com
rosas1999-property.com
rosemayerd.com
rush2013-logistics.com
russellactg.com
ryanchalkg.com
ryancryptos.com
sampsonlunarg.com
santiagomortgages.com
saundersremindg.com
sawakeg.com
scancargo2010b.com
scaregardening2008b.com
sciencebridgesa.com
scoutpalmerd.com
screengardening2018b.com
seriessavings2018b.com
shallow-collier2011.com
shawgardenings.com
sheltondepositg.com
shepard2018-transport.com
shock-cordova2005.com
shootfrankd.com
shopcooka1a-tw1e.com
shoulderelliottd.com
shufflepugha.com
shybauerd.com
shycoin2021b.com
siblingwileyd.com
silvaicoz.com
silverbucka.com
similar-mccann1999.com
similarmanagement2007b.com
simpsonsavingss.com
sisteraudit2019z.com
skill-assets-2012.com
sloanavocadog.com
smanagements.com
smpatient6.com
smpnwoman2.com
soccerassets2007b.com
solisgardenings.com
someonerentals2012b.com
sort-maynard2001.com
spanic2.com
spellcoled.com
spinbtc2010a.com
splitcargo2011b.com
spotservices2015b.com
sprayvillad.com
squaremurphyz.com
stanton2017-boring.com
starkthoughtz.com
steptransport2017b.com
stevensondilemmag.com
stonefoodss.com
stoolpipes2014b.com
stoolstorage2007b.com
streetboring2011z.com
stricklandspeakg.com
strugglevincentd.com
suarezhandg.com
subject-clayton2017.com
suchtv2012b.com
suitweeksd.com
summersdishg.com
sunalvarezd.com
sureellisond.com
surface-management-2008.com
surprisesavings2017b.com
swansonauditz.com
tag-btc-2020.com
tapia2005-estate.com
tapiaoutsourcings.com
teachsellersd.com
tentassets2008b.com
terrellhumorg.com
testmahoneyd.com
thereconnerd.com
theyretail2012b.com
thriveparrad.com
thumbfordd.com
thumbstorage1998b.com
tidepost2019b.com
tip-stone2013.com
tokensantanad.com
tooldunlap.com
toothoil2015b.com
topproperty1998b.com
tradehowarda.com
transfer-gas-2008.com
tribegloverd.com
trim-storage-2015.com
trimretail2008z.com
turner2006-services.com
turngas2008z.com
turtleoil1998b.com
tvvsystem8.com
ufatigue4.com
ufjypdinosaur6.com
unouter7.com
updatecraft2017b.com
upsetgardening2004b.com
uxeqfury6.com
valdeznobleg.com
vancepipesa.com
vasquezextraz.com
vastretail2005b.com
vaughanrealtys.com
vazquez2015-pipes.com
velasquezstorages.com
verbmcmahond.com
very-lam2018.com
villanuevamortgages.com
vitalcraft2015b.com
volumeoil2015b.com
vupipess.com
wagetv2014b.com
walnut-briggs2019.com
waltersaudits.com
watercargo2000b.com
wayhensond.com
wearevansd.com
weekend-gas-2020.com
weirdfryd.com
wetboydz.com
whenhousehold2005b.com
whitebtca.com
wigginsstorages.com
wilcoxspendg.com
wilkersonsilentg.com
wilkinstransportss.com
willhoused.com
willissetupz.com
wilsonethicsg.com
wilsonsouthg.com
wirecalhound.com
womanedwardsa.com
wongsugarz.com
woodfrancisd.com
woodfringeg.com
woodsassetss.com
woodward2007-gardening.com
yaload4.com
zamorapitchg.com
zqbutter2.com
zslot8.com

# Reference: https://www.virustotal.com/gui/file/71fd2e8ad5dde743adf6ea932badda8c74b9e1570784c542a855f2a573ae0df8/detection

hostingproviderzzz.xyz

# Reference: https://www.virustotal.com/gui/file/ff6e0c1b3b910f55ce5b95fd0ae936fab577383bc550b96976527fe320ae5328/detection

http://185.130.104.182

# Reference: https://www.virustotal.com/gui/file/c2909b39a40f30107ecbde0f626733bd0c829cdf5bcdf3489e0f791c8cfb0983/detection

http://80.85.154.90

# Reference: https://www.virustotal.com/gui/file/515625e9db2a728b9ecf0e3a909bdf070464a902c3450ac7d75bcac4e39de665/detection

http://185.130.104.245

# Reference: https://www.virustotal.com/gui/file/3f23800a94697b1fa8a3e14a3704b69d322bc55b684d9ef4e936e3327af08387/detection
# Reference: https://www.virustotal.com/gui/file/97771364c2fbe854faa26bbea0a62eb7c05ea0793b2d56a21094f650c66e14ce/detection

gwillow28jane.com

# Reference: https://www.virustotal.com/gui/file/2d9604dd26cf22913e8ac96fe9b02aea2f3b99ebc374860a37b9b67a295d5f6d/detection

/ellth1?
/ellth2?
/ellth3?
/ellth4?
/ellth5?
/ellth6?
/ellth7?
/ellth8?
/ellth9?
/ellth10?
/ellth11?
/ellth12?
/ellth13?
/ellth14?
/ellth15?
/ellth16?
/ellth17?
/ellth18?
/ellth19?

# Reference: https://www.virustotal.com/gui/file/281749fc2224da7cb0a97e1d170aacdd4854b60825d1d712e855542fd08ba3e1/detection

clementsmessage.com
/lyry1?
/lyry2?
/lyry3?
/lyry4?
/lyry5?
/lyry6?
/lyry7?
/lyry8?
/lyry9?
/lyry10?
/lyry11?
/lyry12?
/lyry13?
/lyry14?
/lyry15?
/lyry16?
/lyry17?
/lyry18?
/lyry19?

# Reference: https://twitter.com/JAMESWT_MHT/status/1465646039340363776
# Reference: https://twitter.com/reecdeep/status/1465660313135632387

http://37.120.206.73
http://37.120.206.78
http://45.9.20.197
37.120.206.73:443
37.120.206.78:443
45.9.20.197:443
bvolebukoneh.site
dolebukoneh.site
eolebukoneh.site
karfaganda.com
shopingplan.com

# Reference: https://twitter.com/AdamTheAnalyst/status/1466353621373788162

cunninghamicos.com
mayerwealthg.com
winrentals2017b.com
wisdomandrewsd.com

# Reference: https://otx.alienvault.com/pulse/61acaaf606628eeb7f9008f5

iyfnz.com
menehleibe.com

/mady1?
/mady2?
/mady3?
/mady4?
/mady5?
/mady6?
/mady7?
/mady8?
/mady9?
/mady10?
/mady11?
/mady12?
/mady13?
/mady14?
/mady15?
/mady16?
/mady17?
/mady18?
/mady19?

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-12-10-IOCs-for-TA551-IcedID-infection-with-Cobalt-Strike-and-DarkVNC.txt
# Reference: https://www.virustotal.com/gui/ip-address/146.19.233.44/detection
# Reference: https://www.virustotal.com/gui/file/237f1355050d6afc5f2b6c310b8cf9b97ef83719941c17eddfc89e22417a9200/detection

buchananfoodss.com
copelandbenefitg.com
/repa1?
/repa2?
/repa3?
/repa4?
/repa5?
/repa6?
/repa7?
/repa8?
/repa9?
/repa10?
/repa11?
/repa12?
/repa13?
/repa14?
/repa15?
/repa16?
/repa17?
/repa18?
/repa19?

# Reference: https://twitter.com/gorimpthon/status/1470598869755260928
# Reference: https://www.virustotal.com/gui/ip-address/176.126.113.236/relations
# Reference: https://www.virustotal.com/gui/file/345b0a08e6eec30036bea54004c9547beb8e95fddf7a4c8fbcf5b5e2783629eb/detection

friedmanconsiderg.com
fullerswitchg.com
gillespiepipess.com

# Reference: https://twitter.com/reecdeep/status/1470685509240426496

http://45.9.20.128
http://45.9.20.190
http://79.110.52.215
http://79.110.52.217
45.9.20.128:443
45.9.20.190:443
79.110.52.215:443
79.110.52.217:443
aerukoneru.site
bbpgz.com
berukoneru.website
fortunarah.com
gerukoneru.website
karfaganda.com
serukoneru.site
yerukoneru.site

# Reference: https://twitter.com/pr0xylife/status/1471113913651679237
# Reference: https://www.virustotal.com/gui/file/39d042df0e1068cfde7277fa9f52aaf40b561a98401f43e170e81728d15a2a62/detection
# Reference: https://www.virustotal.com/gui/file/d417f0920f162285bec2846e20e47e64a0830fa98086c25a827a2744ba1f6003/detection
# Reference: https://www.virustotal.com/gui/file/82ee8f2aa9258cfb23fbde5b76e0e83560c5d7f0e2aa297625bbdfffe0b007ff/detection

firenicatrible.com

# Reference: https://twitter.com/JRoosen/status/1471348311760244738

diazbtcs.com
grimesfunds.com
illegalcleaning2003b.com
maldonadoposts.com
richardshusbandg.com
specialcaseyd.com
tuckerrelyg.com

# Reference: https://www.virustotal.com/gui/ip-address/194.62.42.45/relations
# Reference: https://www.virustotal.com/gui/file/64d30e1e1045a9622d2bb5fda5165a4e091122a2482464f2addd8a70b7e2fcb2/detection
# Reference: https://www.virustotal.com/gui/file/b131359b9f24424dbdee23f0aa64057775b8f62d3bc1506a0abd35784621a03c/detection

santiagoposts.com
solomonmiseryg.com
/bebys1?
/bebys2?
/bebys3?
/bebys4?
/bebys5?
/bebys6?
/bebys7?
/bebys8?
/bebys9?
/bebys10?
/bebys11?
/bebys12?
/bebys13?
/bebys14?
/bebys15?
/bebys16?
/bebys17?
/bebys18?
/bebys19?
/myc1?
/myc2?
/myc3?
/myc4?
/myc5?
/myc6?
/myc7?
/myc8?
/myc9?
/myc10?
/myc11?
/myc12?
/myc13?
/myc14?
/myc15?
/myc16?
/myc17?
/myc18?
/myc19?
/posod1?
/posod2?
/posod3?
/posod4?
/posod5?
/posod6?
/posod7?
/posod8?
/posod9?
/posod10?
/posod11?
/posod12?
/posod13?
/posod14?
/posod15?
/posod16?
/posod17?
/posod18?
/posod19?
/zuroq1?
/zuroq2?
/zuroq3?
/zuroq4?
/zuroq5?
/zuroq6?
/zuroq7?
/zuroq8?
/zuroq9?
/zuroq10?
/zuroq11?
/zuroq12?
/zuroq13?
/zuroq14?
/zuroq15?
/zuroq16?
/zuroq17?
/zuroq18?
/zuroq19?

# Reference: https://www.virustotal.com/gui/file/a1db4edb2eae6b81d0d564af48203bba7d1c10110b0dedd23e76eab91ea20e0b/detection

curves.ws
huyasos.in
rorobrun.in
tfslld.ws

# Reference: https://twitter.com/Max_Mal_/status/1478841664311635971
# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.174/relations
# Reference: https://www.virustotal.com/gui/file/e657f699fadc9b66d192a72bfd8a9e50f2a8100661c391819b6f83675c94375a/detection
# Reference: https://www.virustotal.com/gui/file/34af0fd372e5f5ed2252bdcf6dcf60c7dc4f705ac23ea4171bf4be5cc30b431a/detection
# Reference: https://www.virustotal.com/gui/file/8a05777456543848ae7a004126d144b947f4c6ba9b3cebcdfe3ae82216e9bede/detection

bendercarpetg.com
figueroascorpiong.com
harmoncleanings.com
/myla1?
/myla2?
/myla3?
/myla4?
/myla5?
/myla6?
/myla7?
/myla8?
/myla9?
/myla10?
/myla11?
/myla12?
/myla13?
/myla14?
/myla15?
/myla16?
/myla17?
/myla18?
/myla19?
/tuv1?
/tuv2?
/tuv3?
/tuv4?
/tuv5?
/tuv6?
/tuv7?
/tuv8?
/tuv9?
/tuv10?
/tuv11?
/tuv12?
/tuv13?
/tuv14?
/tuv15?
/tuv16?
/tuv17?
/tuv18?
/tuv19?
/vaci1?
/vaci2?
/vaci3?
/vaci4?
/vaci5?
/vaci6?
/vaci7?
/vaci8?
/vaci9?
/vaci10?
/vaci11?
/vaci12?
/vaci13?
/vaci14?
/vaci15?
/vaci16?
/vaci17?
/vaci18?
/vaci19?

# Reference: https://www.virustotal.com/gui/ip-address/193.187.96.107/relations
# Reference: https://www.virustotal.com/gui/file/512909d5515902542ba06c0ba311ad15542c9da036a336746ab27b2a53058574/detection

392184281.com
592182812.com

# Reference: https://www.virustotal.com/gui/file/f85006fb90dacc12a9c7251ed6c9fe65d8597d03b7d366e4a9350538fd987fce/detection

/vihoq1?
/vihoq2?
/vihoq3?
/vihoq4?
/vihoq5?
/vihoq6?
/vihoq7?
/vihoq8?
/vihoq9?
/vihoq10?
/vihoq11?
/vihoq12?
/vihoq13?
/vihoq14?
/vihoq15?
/vihoq16?
/vihoq17?
/vihoq18?
/vihoq19?

# Reference: https://www.virustotal.com/gui/file/dad6c68e4b04701845d48650ef35e4224ece57c0142f07f14123c43f1188b471/detection

/lun1?
/lun2?
/lun3?
/lun4?
/lun5?
/lun6?
/lun7?
/lun8?
/lun9?
/lun10?
/lun11?
/lun12?
/lun13?
/lun14?
/lun15?
/lun16?
/lun17?
/lun18?
/lun19?

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-05-IOCs-for-TA551-IcedID-with-Cobalt-Strike.txt
# Reference: https://www.virustotal.com/gui/ip-address/45.142.212.97/relations
# Reference: https://www.virustotal.com/gui/file/f67616c55c1400a1b1f025af7616040497a64e8ba271202582cd539d62193271/detection
# Reference: https://www.virustotal.com/gui/file/a208e81281b4ee74117662340931fb1fe6d6eb427a3d4d39527fe2b5496721cf/detection

ayalahurryg.com
figueroascorpiong.com
fittravisd.com
gallagherpipess.com
hullsmileg.com
mccormickborings.com
umbrellamclaughlind.com
/sas1?
/sas2?
/sas3?
/sas4?
/sas5?
/sas6?
/sas7?
/sas8?
/sas9?
/sas10?
/sas11?
/sas12?
/sas13?
/sas14?
/sas15?
/sas16?
/sas17?
/sas18?
/sas19?

# Reference: https://www.virustotal.com/gui/file/3637a213d73319cf443d02ae739631b9923fedcac391ff4642c356a57b7ffbca/detection

suic9j2v5ic4n3.com

# Reference: https://www.malware-traffic-analysis.net/2022/01/06/index.html
# Reference: https://www.virustotal.com/gui/file/6f1034cf538f2cc3ef364da056253a17342672b5983e5026da4fc0e766241337/detection
# Reference: https://www.virustotal.com/gui/file/362e4316595bf82c5225e60e3cecbb1bd2f0fbce8aef8de31d79b7e2e43712a6/detection
# Reference: https://www.virustotal.com/gui/file/ee869b92bfd6414b59db291070427e9516f71d61fe0297fdc497f073432fe42f/detection
# Reference: https://www.virustotal.com/gui/file/e802f5d34ee434423f56540e81b7bb6ba2cb7a76151eec86b3115b5cf5e063e9/detection

pausemaddend.com
thompsonstorages.com

# Reference: https://twitter.com/xuy1202/status/1479098379422793734
# Reference: https://twitter.com/500mk500/status/1479103948183117824
# Reference: https://www.virustotal.com/gui/ip-address/77.87.212.159/relations

jurnwayholdings.com
pushedtemp.com
quickfastspeed.com
routingwebtacticks.com
telemetryfromtv.com

# Reference: https://www.virustotal.com/gui/file/a90060c0f3074f28b463d457e803e60956d094980342e7780b8e4e4439d0eaac/detection

/peju1?
/peju2?
/peju3?
/peju4?
/peju5?
/peju6?
/peju7?
/peju8?
/peju9?
/peju10?
/peju11?
/peju12?
/peju13?
/peju14?
/peju15?
/peju16?
/peju17?
/peju18?
/peju19?

# Reference: https://www.virustotal.com/gui/file/44019558e1f9d7834ac14ffd795198dfc18b4e9f167d7f0b85b64894da458358/detection

/hemum1?
/hemum2?
/hemum3?
/hemum4?
/hemum5?
/hemum6?
/hemum7?
/hemum8?
/hemum9?
/hemum10?
/hemum11?
/hemum12?
/hemum13?
/hemum14?
/hemum15?
/hemum16?
/hemum17?
/hemum18?
/hemum19?

# Reference: https://www.virustotal.com/gui/file/16ad79f4b1fbcc51fbe3e5caa9e6d64490a2d3478207f38ea7c18196fc001202/detection

metaljeffersond.com

# Reference: https://www.virustotal.com/gui/file/91b87ce064786fba20558ca5bb047aa80ea0dc20cb5d24c88c898da2597ee40e/detection

dillonservicess.com

# Reference: https://www.virustotal.com/gui/file/911b2d10bf53b8c620eed5ad7f8dd4c9b48a3d8cf2ea735c8bd72356bb5a349a/detection

patelboostg.com

# Reference: https://www.virustotal.com/gui/file/268a628c7bcd71969d0ffd62f3ea942d7f1ac38b75df71b5356bfc00479c1157/detection

variouscastrod.com
/dsgba1?
/dsgba2?
/dsgba3?
/dsgba4?
/dsgba5?
/dsgba6?
/dsgba7?
/dsgba8?
/dsgba9?
/dsgba10?
/dsgba11?
/dsgba12?
/dsgba13?
/dsgba14?
/dsgba15?
/dsgba16?
/dsgba17?
/dsgba18?
/dsgba19?

# Reference: https://www.proofpoint.com/us/blog/security-briefs/ta551-uses-sliver-red-team-tool-new-activity

/zes1?
/zes2?
/zes3?
/zes4?
/zes5?
/zes6?
/zes7?
/zes8?
/zes9?
/zes10?
/zes11?
/zes12?
/zes13?
/zes14?
/zes15?
/zes16?
/zes17?
/zes18?
/zes19?

# Reference: https://twitter.com/reecdeep/status/1480820148583997442
# Reference: https://twitter.com/reecdeep/status/1480821003194404864
# Reference: https://app.any.run/tasks/f8758215-7630-4252-80ad-e67a02cc5606/

fiscale.bar
mmmmmm.bar
mmmmmm.casa
autosblogs.com
autosblogs.co
autoslives.co
blogsautos.com
blogsautos.info
lineautos.com
livesautos.com

# Reference: https://infosec.cert-pa.it/analyze/f65d9eb6853a6ef02b56e1dc607797bb.html
# Reference: https://www.virustotal.com/gui/file/3e4c3815c4eac822a2d4264a1f62e4899a762052b6d07eaf99f6b1243aeec61a/detection

fq9u9wheuisdqwe.com
ziscvhneqwfwehif.com
/KOMIT/testv.php
/KOMIT/testv.php?l=pasasing1.class
/KOMIT/testv.php?l=pasasing10.class
/KOMIT/testv.php?l=pasasing2.class
/KOMIT/testv.php?l=pasasing3.class
/KOMIT/testv.php?l=pasasing4.class
/KOMIT/testv.php?l=pasasing5.class
/KOMIT/testv.php?l=pasasing6.class
/KOMIT/testv.php?l=pasasing7.class
/KOMIT/testv.php?l=pasasing8.class
/KOMIT/testv.php?l=pasasing9.class

# Reference: https://www.virustotal.com/gui/file/5de3ab834b6cf69c90290014653699dec4fa8f21939268afdd1ebfe9033f1f44/detection

eeeeqjweqneeqea.com
/GEM/testv.php
/GEM/testv.php?l=pasasing1.class
/GEM/testv.php?l=pasasing10.class
/GEM/testv.php?l=pasasing2.class
/GEM/testv.php?l=pasasing3.class
/GEM/testv.php?l=pasasing4.class
/GEM/testv.php?l=pasasing5.class
/GEM/testv.php?l=pasasing6.class
/GEM/testv.php?l=pasasing7.class
/GEM/testv.php?l=pasasing8.class
/GEM/testv.php?l=pasasing9.class

# Reference: https://www.virustotal.com/gui/file/4c3b65cda4e6746594147a6875066b80013d82c33b2501591e514b2b75c5338f/detection

eweodinda.ru
/ziuewgfhjabfuoryfgafhjbsejf.bin

# Reference: https://www.virustotal.com/gui/file/a0903cea960c9c46d453c6bc0550e6facdea512f031e0cf21ae3960c51cb0770/detection

7qfmzuglr45xs.com

# Reference: https://www.virustotal.com/gui/file/df63891db1aaa1bb7d480b21dd336fc5c1d0d22b4d905bf46aa4c9ae9314bed8/detection

z9nogft1.com

# Reference: https://www.virustotal.com/gui/file/5c27ce80de682c6c341899d4cac3c185c8a9dbe3da40df2fe05598b66b77b20c/detection

poneromsed.com

# Reference: https://www.virustotal.com/gui/file/18f3fb640c0ad220cdfacfa7459abfb151e4a90d7c8994764f6dee54434a5a61/detection

urarteeneb.com

# Reference: https://www.virustotal.com/gui/file/e43587890203d7af930d313f50fc7bde744e9751db7ac2e07ffa4b730d162daf/detection

holliputel.com

# Reference: https://www.virustotal.com/gui/file/909eebdb5714395255012aa6f672c966e4dae1993d151d5c25c6e1670ba272b6/detection

nomaspload.com
riorseroly.com

# Reference: https://www.virustotal.com/gui/file/34e0aa770fe10df5fb20229f144b6ba6d8fee37b0f81f585a066d65d31fb4776/detection

/fozu1?
/fozu2?
/fozu3?
/fozu4?
/fozu5?
/fozu6?
/fozu7?
/fozu8?
/fozu9?
/fozu10?
/fozu11?
/fozu12?
/fozu13?
/fozu14?
/fozu15?
/fozu16?
/fozu17?
/fozu18?
/fozu19?

# Reference: https://www.virustotal.com/gui/file/f903f4bb8d85a02bb427b82326ecfac43d4c95866c15d48794b8efd6cceb9f32/detection

doublelogistics2017b.com
/lezuq1?
/lezuq2?
/lezuq3?
/lezuq4?
/lezuq5?
/lezuq6?
/lezuq7?
/lezuq8?
/lezuq9?
/lezuq10?
/lezuq11?
/lezuq12?
/lezuq13?
/lezuq14?
/lezuq15?
/lezuq16?
/lezuq17?
/lezuq18?
/lezuq19?

# Reference: https://www.virustotal.com/gui/file/1854967a6be62c758295a397632e3fa2325be572451e6f4663942509c8526cf2/detection

mathewsoutputg.com
/hazu1?
/hazu2?
/hazu3?
/hazu4?
/hazu5?
/hazu6?
/hazu7?
/hazu8?
/hazu9?
/hazu10?
/hazu11?
/hazu12?
/hazu13?
/hazu14?
/hazu15?
/hazu16?
/hazu17?
/hazu18?
/hazu19?

# Reference: https://www.virustotal.com/gui/file/152fb47b5b828fd1a76f8d5956e91cecab10b21d16cad4a6864f427d373d031d/detection

/cab1?
/cab2?
/cab3?
/cab4?
/cab5?
/cab6?
/cab7?
/cab8?
/cab9?
/cab10?
/cab11?
/cab12?
/cab13?
/cab14?
/cab15?
/cab16?
/cab17?
/cab18?
/cab19?

# Reference: https://www.virustotal.com/gui/file/9969dc121dd238bb7994e504b99a2dd8249a7ee15912880d0a3c6dfc23286676/detection

slyblatovoslf.website

# Reference: https://twitter.com/D3LabIT/status/1483726880251514884
# Reference: https://www.virustotal.com/gui/ip-address/185.29.127.80/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.29.127.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.29.127.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.34/relations
# Reference: https://www.virustotal.com/gui/ip-address/192.64.119.65/relations
# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/01/ursnif_agenzia-entrate_2022-01-19.json_.txt

linkline.bar
linkstat.bar
linkstat.casa
liquidazioni.bar
liquidazioni.casa
mediasecure.bar
museumistat.bar
nnnnnn.bar
nnnnnn.casa
securelinks.bar

# Reference: https://twitter.com/malwrhunterteam/status/1484541667017375744
# Reference: https://www.virustotal.com/gui/file/82bdc5e4fb077c35bea345ae9f6b7580216c09dee52ee88fc51a3865416803b5/detection

pittmanglobeg.com
/depon1?
/depon2?
/depon3?
/depon4?
/depon5?
/depon6?
/depon7?
/depon8?
/depon9?
/depon10?
/depon11?
/depon12?
/depon13?
/depon14?
/depon15?
/depon16?
/depon17?
/depon18?
/depon19?

# Reference: https://www.virustotal.com/gui/file/5d84ec88f804671e71a500329c90550cbc4e6fd0bf3be99d90176c9379ef01ea/detection

exhaustcannond.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1485557502058106888

bizgroupe.com
giporedtrip.at
habpfans.at

# Reference: https://twitter.com/JAMESWT_MHT/status/1486271783124840450
# Reference: https://www.virustotal.com/gui/file/d1ca0d9f10382d484d02e90d4d5d987653de42a8c4eb5544e4368e4f1965803c/detection

http://194.76.226.200
http://31.214.157.187
http://45.9.20.190
germantrans.org

# Reference: https://twitter.com/reecdeep/status/1486993066292613122

storehunter.bar
storemagnit.bar

# Reference: https://twitter.com/reecdeep/status/1486998716234010625
# Reference: https://app.any.run/tasks/45ea37c3-48b8-4b93-b824-a581dddad18a/

interbloger.bar
interbloger.com
mediaservice.bar
mediaservice.casa
portableline.bar
portableline.casa
portablesoft.bar
portablesoft.casa

# Reference: https://www.virustotal.com/gui/file/804d44298bb99b19d4682363d37cea6673c5be71546feaada354a26a0c0d134b/detection

microsoftupdate.ink

# Reference: https://github.com/pan-unit42/iocs/blob/master/IOC%20-%20Unit%2042%20blog%20Advanced%20URL%20Filtering.txt

http://13.59.135.197
http://35.233.127.71
http://114.116.171.195
http://119.9.136.146
http://13.127.110.92
128.199.72.218:4700
/b4t7-uqcaw8-bvfis.view/
/ctkfp-ebmhpu-vifzs.view/
/fqhw5-6k88r-dgufy.view/
/h5zf-65kb9-btmdu.view/
/wcs3-94yxcd-vpne.view/
/zjed1-iae7t-kdzwv.view/

# Reference: https://twitter.com/JAMESWT_MHT/status/1488816328920211456

linepremium.bar
linkspremium.bar
premiumlines.bar
securemega.bar
securesoft.bar

# Reference: https://twitter.com/JAMESWT_MHT/status/1489502659488927745

http://31.41.46.11
beattylawyer.top
linkspremium.ru
maybommpump.top
premiumlists.ru
premiumlinks.top

# Reference: https://otx.alienvault.com/pulse/61fa737b5fd6ab8c9fe77145
# Reference: https://www.virustotal.com/gui/file/0bd6df9917293c5f70a00380fdddfe31f2d02429e179bb797e0a5a15ba7e4295/detection

rabelegrac.com

# Reference: https://twitter.com/stoerchl/status/1490695878390210565
# Reference: https://www.virustotal.com/gui/ip-address/193.56.146.52/relations

euconsalting.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1491043762856144901
# Reference: https://www.virustotal.com/gui/ip-address/31.41.46.1/relations
# Reference: https://tria.ge/220208-qnc64aggh3

premiumline.space
premiumlist.top

# Reference: https://twitter.com/reecdeep/status/1491054938331684870

filmspoints.co
linespremium.pw
linespremium.ru
premiumliner.top
premiumlines.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1491397278476955650

securezzaline.top
securezzalink.top
securezzalink.space

# Reference: https://twitter.com/luc4m/status/1491433664697466880

yuordom.xyz

# Reference: https://twitter.com/reecdeep/status/1491703830958030848
# Reference: https://twitter.com/JAMESWT_MHT/status/1491720924994932737

interlines.space
interlines.top
interlinks.top
interlinx.top

# Reference: https://twitter.com/reecdeep/status/1493855034458742784

servicelines.space
servicelines.top
servicelinks.ltd
servicelinks.space
servicelinks.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1494256807837110277
# Reference: https://tria.ge/220217-mc5kesahf6

blogline.top
blogsline.top
blogslink.top
blogslinks.top

# Reference: https://twitter.com/reecdeep/status/1496053072417767426
# Reference: https://twitter.com/reecdeep/status/1496051522085478402

baseline.top
baselines.top
loginsline.top
loginslink.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1496359648424869888

atomline.top
atomlines.top
atomlinks.top

# Reference: https://www.virustotal.com/gui/ip-address/62.173.140.219/relations

serverline.top

# Reference: https://twitter.com/reecdeep/status/1498208719766704128
# Reference: https://twitter.com/reecdeep/status/1498214866905186307
# Reference: https://www.virustotal.com/gui/ip-address/62.173.138.116/relations

ufficioline.top
ufficiolines.top
ufficiolink.top

# Reference: https://twitter.com/reecdeep/status/1498210169876004866
# Reference: https://www.virustotal.com/gui/ip-address/31.41.46.120/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.173.138.116/relations

atmosphera.top
bookliner.top
booklines.top
buredom.top
cloudlines.top
vilogerta.top

# Reference: https://twitter.com/luc4m/status/1498247479913066498

securezoline.com

# Reference: https://twitter.com/reecdeep/status/1498567203108667392

stataline.top
statalines.top
statalink.top
statilink.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1500748805708394497

customline.top
customlines.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1501105805860429825
# Reference: https://www.virustotal.com/gui/ip-address/62.173.140.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.173.149.112/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.173.154.103/relations

basesline.top
botanlink.top
ecologiline.top
ecologilines.top
ecologilink.top
forumlines.top

# Reference: https://twitter.com/reecdeep/status/1501109444146573315

agenziamail.online
agenziamail.tech

# Reference: https://twitter.com/JAMESWT_MHT/status/1503713382305779712

atmosphera.top
tradeline.top
tradeliner.top
tradelines.top
tradelinks.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1504432657282875392

contactline.top
contactlines.top
contactlink.top
systemlines.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1504729328545849371

checksound.su
onlinerlines.top
onlinerline.top
onlinerlink.top
sistemliner.top

# Reference: https://twitter.com/reecdeep/status/1504734243779403781

interblog.top
interforum.top

# Reference: https://twitter.com/reecdeep/status/1506207982413131792

http://193.56.146.189

# Reference: https://twitter.com/reecdeep/status/1506219217389072386
# Reference: https://www.virustotal.com/gui/ip-address/62.173.140.43/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.173.149.188/relations

checksound.xyz
droelong.top
moendorf.top

# Reference: https://twitter.com/reecdeep/status/1506205247743709190
# Reference: https://www.virustotal.com/gui/file/d39aaa321588e8b1e8fe694732b533be31c57b60a3c1b7cf73047974606c0c64/detection

euconsalting.com

# Reference: https://twitter.com/reecdeep/status/1506536083894460416
# Reference: https://twitter.com/reecdeep/status/1506545472047284227

educatiolines.com
educatiolink.com
educationlink.su
educatiolink.xyz

# Reference: https://www.virustotal.com/gui/ip-address/62.173.149.201/relations

colidole.top
vilopixo.top

# Reference: https://otx.alienvault.com/pulse/623c5e73daf23effca52499b
# Reference: https://www.virustotal.com/gui/file/35c4aa3784531cd17232121b69bf4650eb52f3477f83cb3661ce9dd430b08d58/detection

bm25yp.com
xiivhaaou.email

# Reference: https://twitter.com/reecdeep/status/1508353290697940999
# Reference: https://www.virustotal.com/gui/ip-address/91.241.19.45/relations
# Reference: https://www.virustotal.com/gui/file/1a16288bf4484b2a6692dcb7244942d7bea94ce3597c175910f91cc2b2613365/detection

http://185.154.52.213
http://185.154.53.38
http://185.154.53.49
http://185.154.53.58
http://193.56.146.189
http://46.30.43.44
cabrioxmdes.at
hopexmder.net
wikl.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1511288013988536322

databaza.top
loginline.top
loginlines.top
portaline.top
recuperandotuamor.com
sreedevidigitals.com

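# Reference: https://twitter.com/JAMESWT_MHT/status/1511280203837976578
# NOTE(review): http://85.154.53.214 below may be a truncated http://185.154.53.214 (that address is listed elsewhere in this file and sits in the same 185.154.53.0/24 as the neighbouring 185.154.53.188) - verify against the reference before alerting or blocking on it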

http://185.154.53.188
http://85.154.53.214
http://46.30.42.246
argentinacar.org

# Reference: https://twitter.com/k3dg3/status/1512067808133214225
# Reference: https://tria.ge/220407-q9wkkaeahn/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/193.124.118.130/relations

docmasterpassa.top
docmasterpassb.top
docmasterpassc.top
docmasterpassd.top
docmasterpasse.top
docmasterpassf.top
docmasterpassg.top
docmasterpassh.top
docmasterpassi.top
docmasterpassj.top
docmasterpassk.top
docmasterpassl.top
docmasterpassm.top
docmasterpassn.top
docmasterpasso.top
docmasterpassp.top
docmasterpassq.top
docmasterpassr.top
docmasterpasss.top
docmasterpasst.top
docmasterpassu.top
docmasterpassv.top
docmasterpassw.top
docmasterpassx.top
docmasterpassy.top
docmasterpassz.top
personvil.xyz

# Reference: https://twitter.com/reecdeep/status/1513444319251869697

http://185.154.53.214
eurobiznes.org

# Reference: https://twitter.com/D3LabIT/status/1513792315269292033
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.45/relations

colidonred.top
jointoblog.top
somarifers.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1514170265831366658
# Reference: https://twitter.com/ffforward/status/1514174139828867075

boludarum.top
bulllystors.top
nahuinado.top

# Reference: https://tria.ge/220413-q6dkkscdd9

http://146.70.35.138
http://146.70.35.142

# Reference: https://www.virustotal.com/gui/file/3b1a539c86eb3f42cfc6d131ea63b722e6f34b3bb26dd389c3d7fd1828ef701c/detection
# Reference: https://www.virustotal.com/gui/file/7b8c91665d7a96b5f38a4bb8b81796ec80df1c281c65da378c4df82912671e25/detection
# Reference: https://www.virustotal.com/gui/file/c9dcc793fd781e0d20d76ecf6699489acf03a19a3d15991064a5c48164ca1727/detection

gestioneacquistionline.com

# Reference: https://twitter.com/58_158_177_102/status/1519244589722644482
# Reference: https://app.any.run/tasks/4c102bdb-d41e-4bba-91cf-2275cd27ca64/

bizinvetment.com

# Reference: https://twitter.com/reecdeep/status/1519595952369242112
# Reference: https://github.com/pr0xylife/Gozi/blob/main/Gozi_3000_28.04.2022.txt
# Reference: https://www.virustotal.com/gui/file/0f7c69f83cd47009aa4b0b7e99cf0c9f23567a0e1862aa9bc83e4e684e72ff5b/detection

http://193.56.146.133
http://94.140.112.121
http://94.140.112.35
http://94.140.112.44
http://94.140.112.49
http://94.140.114.144
http://94.140.115.8
cabrioxmdes.at
hopexmder.net
inversinbiz.com

# Reference: https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html (# Win.Malware.Ursnif-9948883-0)

tm90daron.club

# Reference: https://twitter.com/stoerchl/status/1524026220735774720

investoriant.com
managmentoria.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1531544575160070144

moneyinvestator.com

# Reference: https://www.virustotal.com/gui/file/3c59ab329f6f12dcf9137433c14aadd294d1784ef103f4fab4e98d045811817a/detection

d33ounorbertoui.top
hclement28.com
wngtdpablo.com

# Reference: https://www.virustotal.com/gui/file/06b560fcc9c9763fd20d51cb3ef0f8e2c2ac9ee68ecb3edd6827960270821fb0/detection

http://185.189.151.28
http://185.189.151.70

# Reference: https://www.virustotal.com/gui/file/36c13521e2c5ac68d729ac2030bbfc1fd48d3e16df660d495e161dd506b9a821/detection

vorimusesa.com

# Reference: https://www.virustotal.com/gui/file/056d2b0241aeae0dc3c58ef6a742775c5da75b9bbeb4c196d3c6e0e3d3838de9/detection

busemedgan.com
hutorescag.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1529390656824692736

http://176.10.119.68
http://176.10.119.81
http://185.158.250.51
http://37.10.71.138
inmanagment.com
gamexperts.net

# Misc.

factorline.top
factorlink.top

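# Generic trails
# NOTE(review): these path-only entries carry no per-entry reference; short ones (e.g. /wpapi, /dgsos/) presumably match on any host, so correlate hits with a listed domain or IP before escalating - TODO confirm matching semantics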

/a.aspx?redir=1&clientUuid=
/bounce.aspx?dx11diag=
/project.aspx?cwdTelemetry=
/%20%20%20%20.php
/2poef1/j.php
/3mBhb0/6VIJ7e.php
/4adr/lotv.php
/8YrPpA/M6vtj8.php
/afterschool/schoolgirls.php
/alfh/xzrn.php
/_bxlzcpjlmpxlkzblf_zhlsplspz/wtlmwrqnnxfwgzzlkvzdbvnp_mphdqpggxfljvffj_.php
/_bxlzcpjlmpxlkzblf_zhlsplspz/
/biwe_zibofyra/ripy_lani.php
/biwe_zibofyra/
/ripy_lani.php
/angosz/cecolf.php
/bolb/jaent.php
/bumu/zenes.php
/C821al/vc2Tmy.php
/caem/tyf.php
/cdjq/4oslx.php
/cmgtkz/cgcjp.php
/colorex/somatrex.php
/cudo/tomys.php
/cugul/lisi.php
/curoix/jotask.php
/czwih/fxla.php
/deamie/ovidel.php
/docat/hyra.php
/dujok/kevyl.php
/edgron/siloft.php
/f64b/oddg.php
/f64bj/jtrhs.php
/Flux/tst/index.php
/foqa/kucow.php
/fovyn/silaz.php
/fucy/jubiw.php
/fuho/zahel.php
/fywek/miqy.php
/gg88wyaftcxr7gu/wo0zz.php
/gosy/dyxyd.php
/gunshu/lewasy.php
/gyxo/kijad.php
/hboneb/sol95.php
/hdil/kzex.php
/hokril/kolasc.php
/jadykf/btnryr.php
/jatt4/tarl.php
/jivo/neky.php
/jTlp8P/3OXkud.php
/iwp01-2ksm/20918201.php
/iwq/wpsk.php
/iz5/yaca.php
/khogpfyc8n/215z9urlgz.php
/koorsh/soogar.php
/kundru/targen.php
/loq91/10x.php
/mese/ludek.php
/minsee/ragaba.php
/mogalm/traxic.php
/muty/sohaq.php
/mynotescom/renoovohostinglilnuxadvanced.php
/myzyn/mevap.php
/novacms/grassandrocks.php
/nra962sc0/ft2dol9oy.php
/nra962sc0/
/ft2dol9oy.php
/obedle/zarref.php
/opbrk/yzsautlv.php
/p109/mv.php
/peja/lezow.php
/poli/lapof.php
/pudiv/tedy.php
/pupi/gyru.php
/pwoxi444/vpvop.php
/pywr/wopgo.php
/qoie8rg/m1m2m.php
/qtra/ttqr.php
/rgpsl/ie.php
/ryfu/bary.php
/s9281P/yt1.php
/sapad/huwu.php
/siu_d16e-2cf/i28_stream.php
/skoex/po2.php
/UbiGaj/doneit.php
/unbbmevd/d76.php
/urvave/cennc.php
/vakos/nomyr.php
/xevot/gadip.php
/xezoc/mawu.php
/vv55v37kts7et/idq9p9t142vyk.php
/w1kbs7qffwr3g5nn/hz1704i8k8bwhyo1.php
/we20lo85/aio0i32.php
/we20lo85/aio0i32p.php
/wMB03o/Wx9u79.php
/wrong/ragnarock.php
/xap_102b-AZ1/704e.php
/xemcl/iba.php
/xEMIj66/5RcbXK.php
/xvrr7zok/6x2jrg.php
/zepoli/ironak.php
/zulyk/xoru.php
/215z9urlgz.php
/3OXkud.php
/3retyxo2m.php
/4oslx.php
/5RcbXK.php
/6VIJ7e.php
/6x2jrg.php
/83939-2039.php
/89289_928_1.php
/aio0i32.php
/aio0i32p.php
/btnryr.php
/cecolf.php
/fgoow.php
/ft2dol9oy.php
/hz1704i8k8bwhyo1.php
/huonasdh.php
/idq9p9t142vyk.php
/Jingu.php
/jogptfbuu
/jtrhs.php
/levond.php
/M6vtj8.php
/nerkom.php
/opanskot.php
/pagjfut54.php
/paghgutj44.php
/pagigpy75.php
/pagig84.php
/pagigmu48.php
/paginfo33.php
/paginfo52.php
/paginfo83.php
/pagioiu88.php
/pagkit56.php
/pagkype32.php
/pagnuko56.php
/pagnupo27.php
/pe10pd.php
/renoovohostinglilnuxadvanced.php
/si2s81-19.php
/suoepwxpamxapxlamslxdo.php
/transaction.php2
/traxic.php
/wpapi
/wtlmwrqnnxfwgzzlkvzdbvnp_mphdqpggxfljvffj_.php
/wo0zz.php
/Wx9u79.php
/YhggfB.php
/_5PvmqsbqvY2g-wh3.php
/_Eb-6XZQPkeWFE2F0.php
/_W54sEoZKl-m2w6RZ.php
/dgsos/
/gg88wyaftcxr7gu/
/managaburitos7kfdd0a/
/vv55v37kts7et/
/w1kbs7qffwr3g5nn/

# Reference: https://twitter.com/58_158_177_102/status/1534087172688871424
# Reference: https://app.any.run/tasks/864ea9be-2525-4074-8e8a-d31176c99c8f/
# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.242/relations
# Reference: https://www.virustotal.com/gui/file/87b8c12b32af3a2f0ffa4fbc4f8bc9c10789e5130ce73d02dfbfe1b6d9463619/detection

consaltins.com

# Reference: https://twitter.com/reecdeep/status/1534091318120546305

http://176.10.125.118
http://31.214.157.235
http://37.10.71.221
http://45.11.180.10
geodezhols.at
xmhomestilesh.at

# Reference: https://twitter.com/reecdeep/status/1536629341534265344
# Reference: https://twitter.com/JAMESWT_MHT/status/1536632903353901058
# Reference: https://www.virustotal.com/gui/ip-address/5.42.199.75/relations
# Reference: https://app.any.run/tasks/51ad313a-54cc-4e92-b58b-d327d5401217/

http://109.230.199.114
http://185.189.151.35
http://194.76.226.15
http://194.76.225.96
http://5.42.199.72
moneyinconsalt.com

# Reference: https://www.virustotal.com/gui/file/6996179f306e05db353b5ae09a5dc49a6e4d3ffac6229d0b544de15f67095990/detection

aimnop.su
drevovyrobajakubec.eu
fofoka.at
kaletop.su
mogolik.at
voligon.cn
zakzak.at

# Reference: https://otx.alienvault.com/pulse/62a9caf69b9f0210264e7334
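# Reference: https://www.virustotal.com/gui/file/8d4030c9bf7243a18b1a08c5a1e75fa2916d612daae8230c500207cf3a9b11a0/detection
# NOTE(review): /pki/mscorp/crl/msitwww2.crl below looks like a Microsoft CRL distribution path that benign clients also request; treat a hit on the path alone as low confidence unless it coincides with one of the domains in this block - TODO confirm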

adutafgb.com
ahorqfgb.org
ebqdefqz.org
enifynwh.org
evyrepwn.com
ftrzanwe.info
gvmxojyf.com
gzpedcgz.info
kerhferx.net
ktabsfkj.com
mvwzilyz.org
mzedslyz.com
obgmfmsm.info
ofsdsjgv.org
ohmxgtkz.com
olcjefix.org
pdhebzvg.info
sndecpol.info
xdikrtvb.net
yjnjejqh.net
/pki/mscorp/crl/msitwww2.crl

# Reference: https://twitter.com/AlbertPriego/status/1537777013829906434
# Reference: https://twitter.com/AlbertPriego/status/1537777023590060034

iiso.in

# Reference: https://twitter.com/stoerchl/status/1538875059292577793

investprides.com

# Reference: https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html (# Win.Packed.Ursnif-9952366-0)

greatestcups.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1542078625251565569

http://194.76.224.26
http://194.76.225.112
http://194.76.225.113
http://46.21.153.203
http://46.21.153.221

# Reference: https://twitter.com/pr0xylife/status/1544988332886790145
# Reference: https://github.com/pr0xylife/Gozi/blob/main/Gozi_3000_07.07.2022.txt

http://23.227.202.64
http://79.110.52.164
http://79.110.52.244
http://79.110.52.97
deohomexm.at
moreinvesrotial.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1547517605422026753

http://46.21.153.252
http://79.110.52.241
domanaic.com
kimzooxl.at

# Reference: https://twitter.com/stoerchl/status/1551563405110218753
# Reference: https://twitter.com/JAMESWT_MHT/status/1554763666272264193

http://193.106.191.163
http://37.120.206.71
http://37.120.206.84
http://37.120.206.91
http://37.120.206.95
http://5.42.199.57
dokpio.com
havefuntxmm.at
xerkdeoleone.at

# Reference: https://twitter.com/luc4m/status/1555095048122949632
# Reference: https://www.virustotal.com/gui/file/d8f5d209013464930fa00bd97e58f74d5c9b422174b8a723de8ac2e66e2c1247/detection

http://193.56.146.127
185.212.47.98:443
185.212.47.98:8080

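# Reference: https://twitter.com/benkow_/status/1557478182579740672
# NOTE(review): gianyarkab.go.id below is under the .go.id (Indonesian government) namespace, presumably a compromised legitimate site rather than attacker-registered infrastructure; expect benign traffic and re-validate periodically - TODO confirm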

daydayvin.xyz
gigiman.xyz
gianyarkab.go.id
michaelpagejob-uk7t.com

# Reference: https://twitter.com/reecdeep/status/1556953818721550337

http://79.110.52.8
http://79.110.52.80
http://79.110.52.82
http://79.110.52.94

# Reference: https://twitter.com/58_158_177_102/status/1559825186282962944
# Reference: https://twitter.com/reecdeep/status/1559831890613387266
# Reference: https://twitter.com/reecdeep/status/1559832746394099712
# Reference: https://tria.ge/220817-kpvjwagca8/behavioral1
# Reference: https://www.virustotal.com/gui/file/057e9473b97f15efb11647bcd6794922de3c68dbe53698fab481a2a7fff5bbc2/detection

http://5.42.199.83
internetcoca.in
internetlined.com
internetlines.in
leonxmdeok.at
medialists.ru
medialists.su
mediawagi.info
mediawagi.ru
superlist.top
supersets.top
superstarts.top
superstat.top
truebobi.com

# Reference: https://twitter.com/benkow_/status/1560917955742924801

fjigroqksqkeofqwjk.com
michaelpagejobuk8t.com
logotep.xyz

# Reference: https://twitter.com/abuse_ch/status/1560981023898451969

vavilgo.xyz

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/ursnif_agenzia_entrate_riscossione_31-08-2022.json_.txt

http://193.106.191.186
denterdrigx.com
digserchx.at
superliner.top
superlinez.top

# Reference: https://twitter.com/58_158_177_102/status/1572157652536532994
# Reference: https://twitter.com/reecdeep/status/1572167734678654977
# Reference: https://twitter.com/reecdeep/status/1572168788346380288
# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.18/relations
# Reference: https://tria.ge/220920-lhsmdacef9/behavioral1
# Reference: https://www.virustotal.com/gui/file/24092e5b10b2dd678f8143a0fb43515e7e7fded3f578237d30c230e74b3928cd/detection

http://89.41.26.99
http://89.45.4.102
dominikania.com
interlinel.top
interliner.top
interstarts.top

# Reference: https://twitter.com/1ZRR4H/status/1575364116356775941
# Reference: https://www.virustotal.com/gui/file/1056ea3dad265dd554362bc0bd67f08fa2b9f3e5839e6e4fb197831a15c8acef/detection

http://188.127.224.114
http://45.8.158.104
iujdhsndjfks.com
wdeiqeqwns.com
weiqeqwens.com
weiqeqwns.com
weiqewqwns.com

# Reference: https://www.virustotal.com/gui/file/42cb00f0543a77411f99fb33723d0282150e9c4830ef04474e164a6bb0704f32/detection

asiorpatms.com
unpeoritas.art

# Reference: https://tria.ge/221018-v8jxlageg4/behavioral7
# Reference: https://www.virustotal.com/gui/file/b51f67e67847ed20c75ef9bc8e057f0d93e2fa62bdf1df1a87d3f772603a59ff/detection
# Reference: https://www.virustotal.com/gui/file/4c0ccba038ff513555223a880da3760a974b0479fe6cf0e823f08774ecd0d9ba/detection

onlinetwork.top
linetwork.top

# Reference: https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud

http://141.98.169.6
astope.xyz
binchfog.xyz
damnater.com
dodsman.com
dodstep.cyou
fineg.xyz
fingerpin.cyou
fishenddog.xyz
giantos.xyz
gigeram.com
gigimas.xyz
higmon.cyou
isteros.com
kidup.xyz
lionnik.xyz
mainwog.xyz
mamount.cyou
minotos.xyz
pinki.cyou
pipap.xyz
prises.cyou
reaso.xyz
rorfog.com
tornton.xyz

# Reference: https://tria.ge/221011-p2cbaaegem/behavioral2

http://185.212.47.133
http://194.76.225.60

# Reference: https://twitter.com/luc4m/status/1587426984069586944

http://37.140.197.44

# Reference: https://twitter.com/VirITeXplorer/status/1588114978686603267
# Reference: https://www.virustotal.com/gui/file/e332ffd69d545f80250b02dfab8c31e37b3c8c57b728202fbadb8c09588691fa/detection
# Reference: https://www.virustotal.com/gui/file/822d2e533e0537f92fa3ddcbd8cb2a0d7c33ba2ada626e1cae4ecf466ac61e9b/detection
# Reference: https://www.virustotal.com/gui/file/71c9ca94352f8baedaa6b88206f92c5f7b1a0b8e6a5bee346ee7c4524eea829a/detection

dooxil.com

# Reference: https://twitter.com/CapeSandbox/status/1432697742325952519
# Reference: https://www.virustotal.com/gui/file/d4e1216744b6916962bd198efc01a9281af8aeaa8b9dcd8712b32775402b1687/detection

avanoruk.com
bablefiler.at
f1.bablefiler.at
f22.avanoruk.com

# Reference: https://twitter.com/fr0s7_/status/1589918447172866048
# Reference: https://www.virustotal.com/gui/file/2462cac7c8d32602c59e9e2ed8194b71dd2be8e660b4de95079f5d95d8d34ded/detection

mireis.com

# Reference: https://twitter.com/58_158_177_102/status/1590662180776837120
# Reference: https://www.virustotal.com/gui/file/d3bf5ac8786b4ae8e33c646098065b1fbbd68b3f3b4a8eb2c649cd33d43a0bba/detection

youbici.com

# Reference: https://twitter.com/VirITeXplorer/status/1595347501032382464

http://31.207.46.124
dendexmm.com
meganetwork.top
supernetwork.top

# Reference: https://twitter.com/reecdeep/status/1595357414177607682

http://31.207.46.126
directoronliner.ru
directoronliner.su
fortrexmll.com
groupconnect.info
internetwork.top
interspin.top
onlinegroup.pw
onlinesgroup.top
premiumdocs.info
premiumdocs.ru

# Reference: https://twitter.com/reecdeep/status/1597892032022085632

chechoa.com
diegxmlop.at
easydipe.com
onlynetwork.top
optinetwork.top

# Reference: https://twitter.com/ffforward/status/1598738600811986944
# Reference: https://www.virustotal.com/gui/ip-address/185.218.3.27/relations
# Reference: https://www.virustotal.com/gui/ip-address/193.57.138.153/relations
# Reference: https://tria.ge/221202-wjl64aeb5t

horonget.xyz
strengit.xyz

# Reference: https://twitter.com/reecdeep/status/1600087607303471105
# Reference: https://twitter.com/reecdeep/status/1600092320350670850

http://139.60.163.55
http://31.207.46.10
dioxvoxll.com
freddisb.com

# Reference: https://twitter.com/VirITeXplorer/status/1600150221387755520

agenziaonline.top
factorline.top
informlines.top
mediumline.co
onlineagenzia.top

# Reference: https://twitter.com/reecdeep/status/1600155781826891776

blockmains.ru
factorsystem.top
highblocks.su
lineblocks.ru
mediumlinks.com
seriousline.ru

# Reference: https://twitter.com/0xToxin/status/1603429215159951361
# Reference: https://tria.ge/221215-twjkmacg77
# Reference: https://www.virustotal.com/gui/file/f0b465a712cebb5906d45724f884fa0e43cb7cbc954babbad0f1d676af2db479/detection

http://185.31.160.229
http://185.31.160.147
http://185.31.162.9
http://31.41.44.60
http://31.41.44.63
http://31.41.46.120
http://31.41.46.132
http://62.173.147.113

# Reference: https://twitter.com/reecdeep/status/1603662584460214273

http://62.173.138.24

# Reference: https://twitter.com/0xToxin/status/1603429215159951361

http://62.173.138.28

# Reference: https://twitter.com/JAMESWT_MHT/status/1603387797582356480

http://62.173.147.122

# Reference: https://www.silentpush.com/blog/silent-push-uncovers-a-russian-ursnifgozi-banking-trojan-operation-targeting-global-anydesk-users
# Reference: https://www.virustotal.com/gui/file/0da1e85be9a2965c12fda89ccc5a73e454935f7b5363b9c90922a1941498fbbd/detection

http://94.198.54.97
4zuki.com
dasaet.fun
gameindikdowd.ru
getherkae.online
golunki.com
iujdhsndjfks.ru
jhgfdlkjhaoiu.su
lentaphoto.at
reggy505.ru
tradeview-moves.com
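# NOTE(review): "moves" does not look like a delegated TLD, and this entry sits next to tradeview-moves.com - possibly a mangled copy of that entry; confirm against the cited sources
tradeview.moves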
www-slack.top
www-wwwanydesk.top

# Reference: https://twitter.com/reecdeep/status/1605509741907570689
# Reference: https://app.any.run/tasks/667bb1e6-62eb-4f3b-b934-c82091c81cc3/

http://31.41.44.43
http://31.41.44.71
http://31.41.44.79
http://62.173.147.138
http://62.173.147.142
http://62.173.147.143
http://62.173.147.145
http://62.173.147.147
http://62.173.147.149
http://62.173.147.151
http://62.173.147.152

# Reference: https://twitter.com/reecdeep/status/1605927567730610177

http://62.173.138.97
http://62.173.138.98
http://62.173.147.64

# Reference: https://twitter.com/JAMESWT_MHT/status/1607697271411412992
# Reference: https://www.virustotal.com/gui/file/ee008ff7b30d4fce17c5b07ed2d6a0593dc346f899eff3441d8fb3c190ef0e0e/detection
# Reference: https://www.virustotal.com/gui/file/bbe1eb4a211c3ebaf885b7584fc0936b9289b4d4f4a7fc7556cc870de1ff0724/detection
# Reference: https://www.virustotal.com/gui/file/a2ed8e1d23d2032909c8ad264231bc244c113a4b40786a9bc9df3418cc915405/detection
# Reference: https://www.virustotal.com/gui/file/9386ccb677bde1c51ca3336d02fea66f9489913f2241caa77def71d09464d937/detection
# Reference: https://www.virustotal.com/gui/file/2c44c1312a4c99e689979863e7c82c474395d6f46485bd19d0ee26fc3fa52279/detection
# Reference: https://www.virustotal.com/gui/file/27070a66fc07ff721a16c4945d4ec1ca1a1f870d64e52ed387b499160a03d490/detection
# Reference: https://www.virustotal.com/gui/file/1106e4b7392f471a740ec96f9e6a603fe28f74b32eef7b456801a833f13727fc/detection

sunniznuhqan.com

# Reference: https://twitter.com/tosscoinwitcher/status/1607827228989206528
# Reference: https://tria.ge/221227-x7pskabb8x/behavioral1

chespnagybioynedr.ru
gdosxuincaluiprada8.ru
gribkoosov.ru
kaskihkin-kotero.ru
klspotuvlico93hhu8.ru
lambooauus.ru
leikocittoosih9racker.ru
meskon4ilaoyoosd.ru
okpmakrodj09291.ru
sastypedd6e.ru
sintesis03lo.ru
slakosuoyoliusdd.ru
ssosnulaoyobermanoba4.ru
stydensjina88a8.ru
svoklavirivdia88.ru
taktoeaayd7imus.ru
tamdindyrdeos2.ru
tinunlomitedwastan.ru

# Reference: https://www.silentpush.com/blog/silent-push-uncovers-a-russian-ursnifgozi-banking-trojan-operation-targeting-global-anydesk-users

anydesk-access.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1610606177024360448
# Reference: https://twitter.com/reecdeep/status/1610701751803428864

http://185.31.160.178
http://31.41.44.105
http://45.89.66.58
http://62.173.138.102
http://62.173.138.103
http://62.173.138.105
http://62.173.138.108
http://62.173.138.109
http://62.173.138.110
http://62.173.139.157
http://62.173.145.223

# Reference: https://malware.news/t/inside-view-of-brazzzersff-infrastructure/62431

http://185.254.121.11
http://85.25.246.28
http://91.243.82.44
gkspsafoe.net
api.gkspsafoe.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1610933937072930817
# Reference: https://twitter.com/reecdeep/status/1610934654726463489
# Reference: https://twitter.com/reecdeep/status/1610944371511140352

http://193.0.178.141
http://31.41.44.108
http://31.41.44.111
http://31.41.44.122
http://31.41.44.153
http://45.89.67.190
http://46.8.210.140
http://62.173.138.159
http://62.173.138.160
http://62.173.138.161
http://62.173.138.164
http://91.107.119.142
brokerlines.top

# Reference: https://twitter.com/Malwar3Ninja/status/1612471526405844992

http://5.199.168.23

# Reference: https://twitter.com/reecdeep/status/1612735971543457794
# Reference: https://app.any.run/tasks/9b362341-ab97-4999-97f5-62cdb04b1489/

http://193.233.72.14
http://194.87.47.138
http://31.41.44.112
http://31.41.44.124
http://31.41.44.125
http://46.8.210.80
http://62.173.138.226
http://62.173.138.228
http://62.173.138.234
http://62.173.140.103
http://62.173.140.8
http://91.107.119.114
http://91.149.218.248

# Reference: https://twitter.com/VirITeXplorer/status/1613180158088822784
# Reference: https://www.virustotal.com/gui/file/cb3b67a980ba921625ecdf082d518c73a9f80ce1b2d4f428b6e950b20a9688bb/detection

http://23.227.203.221
http://91.215.85.143
boxidoxyx.com
mikoprikodx.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1613111060860489730
# Reference: https://twitter.com/reecdeep/status/1613188157431840769
# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.69/relations
# Reference: https://app.any.run/tasks/15a95e91-651b-4d11-8c33-0671a30b68dd/
# Reference: https://www.virustotal.com/gui/file/d1cc51309cddfeeb4181c3aafdc35e72c2ecb219e006392cae96b8568a4246ae/detection
# Reference: https://www.virustotal.com/gui/file/3e9c5280463b1e4aa07fe6870bb8b9078b2213a2556f27c84dded6796d0da3fb/detection

78vuuccvclq295fsrgtq.com
wicewtice.com

# Reference: https://twitter.com/reecdeep/status/1613497975023476739

http://62.173.147.10
http://62.173.147.16

# Reference: https://twitter.com/reecdeep/status/1613502801849581568

http://185.142.99.102
http://193.0.178.157
http://31.41.44.156
http://31.41.44.158
http://46.8.210.168
http://62.173.145.52
http://62.173.149.202
http://62.173.149.58
http://91.107.119.116

# Reference: https://twitter.com/JAMESWT_MHT/status/1615315192342011906
# Reference: https://twitter.com/1ZRR4H/status/1615558173875732480

http://193.0.178.186
http://193.233.171.60
http://31.41.44.176
http://31.41.44.177
http://31.41.44.178
http://31.41.44.179
http://46.8.210.177
http://62.173.140.150
http://62.173.147.34
http://62.173.147.35
http://62.173.147.36
http://62.173.147.37
http://62.173.147.38
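# NOTE(review): the next three entries start with 63. while the other 173.147.x addresses in this group start with 62. - possible first-octet typo; confirm against the cited tweets
http://63.173.147.18
http://63.173.147.19
http://63.173.147.20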
http://91.107.119.172
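# NOTE(review): gapegape.co.za also appears further down as path-scoped entries (/agenzia/, /connect/, /scarica/); this bare-host entry is broader than those - confirm the whole host is meant to be flagged
gapegape.co.za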
nascosteel.ae
oknaoptima24.ru
/agenzia/5d14/p6oHkk.php
/agenzia/6b21/in1571.php
/agenzia/b85d/ZgHQnr.php
/agenzia/0c73/
/agenzia/50c5/
/agenzia/5d14/
/agenzia/6b21/
/agenzia/b85d/
/agenzia/ba5a/
/agenzia/e912/
/agenzia/edf9/
/5d14/p6oHkk.php
/6b21/in1571.php
/b85d/ZgHQnr.php

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/01/ursnif_agenzia-entrate_17-01-2023.json_.txt

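# NOTE(review): 1337x.ind.in also appears further down as path-scoped entries (/agenzia/, /connect/, /scarica/); this bare-host entry is broader than those - confirm the whole host is meant to be flagged
1337x.ind.in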
alligatorplataformas.com
christianbeltran.co
fortdelgres.com
kinaki.atwebpages.com
liveetiquetas.com.br
phani.trymore.co
solutionsindicancia.com.br

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-16-IOCs-for-malware-from-fake-7zip-page.txt

http://176.113.115.177
http://185.189.151.61
http://45.11.182.208
http://45.11.182.30
http://79.132.128.228
http://79.132.129.220
http://79.132.130.171
79.132.129.220:443
advertising-check.ru
archiver-7zip.software
download1.software

# Reference: https://twitter.com/reecdeep/status/1615663165718646784

http://109.248.11.165
http://193.0.178.198
http://193.233.175.98
http://31.41.44.151
http://31.41.44.157
http://31.41.44.87
http://62.173.147.43
http://62.173.147.44
http://62.173.147.45
http://91.107.119.122

# Reference: https://twitter.com/MalwarePotato/status/1616089880018440192

http://193.0.178.187

# Reference: https://twitter.com/1ZRR4H/status/1616682547983024128
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2023-01-21_DEV-0569_GoogleAds

http://170.130.165.182
http://80.77.23.77
http://80.77.25.109
http://80.77.25.114
trading-terminal.software

# Reference: https://twitter.com/JAMESWT_MHT/status/1617448472789094400
# Reference: https://twitter.com/JAMESWT_MHT/status/1617469122731806722

http://185.31.160.229
http://193.0.178.237
http://193.233.175.99
http://194.116.162.14
http://46.8.210.26
http://46.8.210.28
http://46.8.210.29
http://62.173.138.24
http://62.173.140.128
http://62.173.140.192
lwwilwjf.page.link

# Reference: https://twitter.com/reecdeep/status/1617458477202542593

http://193.0.178.235
http://193.233.175.18
http://194.116.162.13
http://31.41.44.184
http://31.41.44.185
http://31.41.44.27
http://46.8.19.215
http://62.173.145.119
http://62.173.149.10
http://62.173.149.123

# Reference: https://twitter.com/Artilllerie/status/1618205570259120129

http://94.198.54.97
reggy506.ru
reggy914.ru
renewbleenergey.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1622861886952808450
# Reference: https://twitter.com/JAMESWT_MHT/status/1622923175599251457
# Reference: https://twitter.com/JAMESWT_MHT/status/1622861889418981376
# Reference: https://www.virustotal.com/gui/file/25304c7fe861c576ab7d03c1e9125651113ecf8ee0644c519a888f2e81b537d7/detection
# Reference: https://www.virustotal.com/gui/file/2c9d85fd5b94dc9af67d408e2e269f59d89bad35a6df94dc49275ae6793a4bbc/detection
# Reference: https://www.virustotal.com/gui/file/39be606880093abaf976d8ed43bfe1212019a76682d7f6ea3a38c5438b01281c/detection
# Reference: https://www.virustotal.com/gui/file/3f7302a2c1a78689062e05e41f8435efa3c3c9de18d72b234b61066fe29ec93f/detection
# Reference: https://www.virustotal.com/gui/file/4f999cd608ccf9e8cf62e41e2c7a75f50b3c758dbf290e26424d6a5a0acff243/detection
# Reference: https://www.virustotal.com/gui/file/6335b61185585aabc34532592df59d84415b8d4d588802820c5f9708f918b99d/detection
# Reference: https://www.virustotal.com/gui/file/a4e46b45a5f88993175cdc799e6736a9a144c217e8e134db16aa646f6e7ffe58/detection
# Reference: https://www.virustotal.com/gui/file/ac345ff7ee42a6bc8c6ac8acb07643a829b35cc3000e88bde60d242aaf22c494/detection
# Reference: https://www.virustotal.com/gui/file/bd6bde893d7af70e740f72161d53e3544e38e0b45412d247b5f44b70918cc263/detection
# Reference: https://www.virustotal.com/gui/file/f6d8d981f96d7da1457c26771c0027bc9603762625a397151872572edfde820e/detection

http://185.31.160.197
http://194.116.163.130
http://31.41.44.76
http://46.8.19.182
dgpkknqp.page.link
unyoclfx.page.link
yimrqukq.page.link
segzrecords.com/wp-content/plugins/press/azienda/
/azienda.dll

# Reference: https://www.malware-traffic-analysis.net/2023/02/03/index.html

http://170.130.165.188
194.87.216.194:9955
softs-lab.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1623675009695727620
# Reference: https://twitter.com/JAMESWT_MHT/status/1623680035772149767

http://62.173.147.11
http://62.173.147.13
http://62.173.147.157
http://62.173.147.158
cupidoparamayores.com/groups/entrate/
medinamaster.com/wp-content/plugins/press/entrate/

# Reference: https://twitter.com/JAMESWT_MHT/status/1623762971292737543

http://62.173.149.243
pomdamour.net/landing/wp-content/themes/sketch/azienda/
vhtcomputers.eu/agenzia/azienda/
vonalkoddebrecen.hu/azienda/

# Reference: https://twitter.com/JAMESWT_MHT/status/1623730401192644608

dawntakaful.com/wp-content/plugins/press/entrate/
rayyankhaddi.com/wp-content/plugins/press/entrate/

# Reference: https://app.any.run/tasks/83c074dc-e768-4825-a3e8-96d6b9cf395a/
# Reference: https://www.virustotal.com/gui/file/ed5ca12fbf7cfc3e3a98e31f2b311e20b2c34d06e6e0a7d569666cb5ca01da8f/detection

mineluckydays.com

# Reference: https://www.virustotal.com/gui/file/0031733f407de5fd24368558e64edc88f43e5c198cd5a33fea309dae1963e53d/detection

oretola.at

# Reference: https://www.virustotal.com/gui/file/2e0130f93e1273fd89e24df8e4233e9f9128993621bd6593b69dc402916a5076/detection
# Reference: https://www.virustotal.com/gui/file/119b8ba2da3306bd0ea4de826fafcd815e7967f76e4f7e09a3d5bee44403e870/detection

http://185.49.68.75
http://63.250.40.68
http://63.250.40.69
63.250.40.68:443
63.250.40.69:443
paneloos.website

# Reference: https://twitter.com/jstrosch/status/1627324637565665282
# Reference: https://twitter.com/Gi7w0rm/status/1627328509424050177
# Reference: https://tria.ge/230219-smrn7sfh45/behavioral2
# Reference: https://www.virustotal.com/gui/file/0e34b4a7b619cef883e796c0665810814f9455e166cc7b15111b431933978f12/detection
# Reference: https://www.virustotal.com/gui/file/cf793c17598eadcc77f3fc79d0a35bd5af59792e932946c7115a3033a44fb070/detection

http://62.173.147.2
djajsbmq.page.link
qwttqrao.page.link
eurooknamsk.ru/headers/azienda/
/Agenzia_E.zip
/Agenzia_E1.zip
/Agenzia_E2.zip
/Agenzia_E3.zip
/Agenzia_E4.zip
/Agenzia_E5.zip
/Agenzia_E6.zip
/Agenzia_E7.zip
/Agenzia_E8.zip
/Agenzia_E9.zip

# Reference: https://twitter.com/MalwarePotato/status/1628390244029538304
# Reference: https://www.virustotal.com/gui/file/938a8a3730159aae968d54d6a722e34abdc7569445cd6971ab45d3f45a7e26a5/detection

whatswit.com

# Reference: https://twitter.com/0xToxin/status/1630939844699406337
# Reference: https://twitter.com/JAMESWT_MHT/status/1630946042995695616
# Reference: https://twitter.com/JAMESWT_MHT/status/1630882714281730049

http://109.248.11.155
http://135.148.67.88
http://157.254.194.151
http://157.254.195.117
http://159.100.30.187
http://191.101.2.39
http://23.106.124.232
http://46.30.45.60
http://91.215.85.151
http://94.140.115.195
fireclier.com
skinydress.com

# Reference: https://twitter.com/luc4m/status/1630936965670486018

http://109.248.11.138
http://31.41.44.35
http://5.44.45.173
http://62.173.141.253
http://89.116.229.133

# Reference: https://twitter.com/JAMESWT_MHT/status/1631249079253516289

http://46.8.19.144
http://46.8.19.163
http://46.8.19.235
http://46.8.19.244
http://46.8.19.32
http://46.8.210.12

# Reference: https://twitter.com/JAMESWT_MHT/status/1631276725421199363
# Reference: https://app.any.run/tasks/76051d62-1938-4ad6-8436-08215eb50ce9/

http://109.248.11.112
http://31.41.44.33
http://62.173.141.252

# Reference: https://twitter.com/reecdeep/status/1632781758906105869

http://31.41.44.49
http://46.8.19.233
http://46.8.19.86
http://5.44.45.201
http://62.173.138.138
http://62.173.140.76
http://62.173.140.94
http://89.116.236.41

# Reference: https://twitter.com/abuse_ch/status/1633027155654238208
# Reference: https://threatfox.abuse.ch/browse/tag/7710/

http://185.77.96.40
http://31.41.44.48
http://46.8.19.116
http://46.8.19.239
http://62.173.138.251
http://62.173.139.11
46.8.19.163:445
46.8.19.32:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1633373289706921984

http://46.8.210.31
http://46.8.210.32
http://46.8.210.33
http://46.8.210.34
http://46.8.210.35
http://46.8.210.36
http://46.8.210.37
http://46.8.210.38
http://46.8.210.39
http://46.8.210.40
http://46.8.210.41
http://46.8.210.42
http://46.8.210.43
http://46.8.210.44
http://46.8.210.45
http://46.8.210.46
http://46.8.210.47
http://46.8.210.48
http://46.8.210.49
http://46.8.210.50
http://46.8.210.51
http://46.8.210.52
http://46.8.210.53
http://46.8.210.54
http://46.8.210.55
http://46.8.210.56
http://46.8.210.57

# Reference: https://twitter.com/JAMESWT_MHT/status/1633763476387553282
# Reference: https://twitter.com/reecdeep/status/1633752021613391873
# Reference: https://twitter.com/reecdeep/status/1633770503943999492

http://31.41.44.85
http://31.41.44.90
http://46.8.210.110
http://46.8.210.112
http://5.44.45.204
http://62.173.141.36
http://62.173.141.37
http://62.173.141.38
http://89.116.227.49
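# NOTE(review): http://193.233.175.98 is listed earlier in this file under another reecdeep tweet; this entry differs only by the missing leading "1" - confirm it is not a truncated copy
http://93.233.175.98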
interit32.com
sunit32.com

# Reference: https://twitter.com/reecdeep/status/1634125065557082112
# Reference: https://app.any.run/tasks/7aaf02fc-fb88-47ce-ac1e-f7177e38e2be/

http://109.248.201.1
http://31.41.44.23
http://31.41.44.36
http://31.41.44.92
http://45.128.185.33
http://46.8.210.143
http://46.8.210.192
http://62.173.139.190
http://62.173.140.236

# Reference: https://twitter.com/JAMESWT_MHT/status/1635544232466305024
# Reference: https://twitter.com/JAMESWT_MHT/status/1635547379024764928

http://109.248.11.162
http://109.248.11.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1635544234739507200
# Reference: https://twitter.com/reecdeep/status/1635568906113884161

http://109.248.11.145
http://185.232.171.201
http://191.96.251.201
http://191.96.251.249
http://193.233.175.111
http://31.41.44.106
http://31.41.44.107
http://46.8.210.50
http://5.44.43.13
http://62.173.142.51
http://62.173.142.52
http://62.173.142.53
http://94.103.183.153
http://94.103.183.154
http://95.142.39.92

# Reference: https://twitter.com/JAMESWT_MHT/status/1635708033924726792

http://46.8.19.120
http://46.8.19.235

# Reference: https://twitter.com/JAMESWT_MHT/status/1635711021925924870
# Reference: https://pastebin.com/jVFyJQPV

http://110.164.93.43
http://139.59.47.9
http://144.217.167.138
http://162.241.227.200
http://177.126.144.44
http://180.250.19.48
http://193.236.79.44
http://202.28.69.138
http://23.254.229.88
http://3.14.150.24
http://43.231.113.83
http://51.68.124.231
110.164.93.43:443
139.59.47.9:443
144.217.167.138:443
162.241.227.200:443
177.126.144.44:443
180.250.19.48:443
193.236.79.44:443
202.28.69.138:443
23.254.229.88:443
3.14.150.24:443
43.231.113.83:443
51.68.124.231:443
044d730.netsolhost.com/agenzia/
044d730.netsolhost.com/connect/
044d730.netsolhost.com/scarica/
0following.com/scarica/
1337x.ind.in/agenzia/
1337x.ind.in/connect/
1337x.ind.in/scarica/
380.momothemes.com/agenzia/
380.momothemes.com/connect/
380.momothemes.com/scarica/
406259006.student.yru.ac.th/agenzia/
406259006.student.yru.ac.th/connect/
406259006.student.yru.ac.th/scarica/
406265022.student.yru.ac.th/agenzia/
406265022.student.yru.ac.th/connect/
406265022.student.yru.ac.th/scarica/
4m.kgadsoft.com/agenzia/
4m.kgadsoft.com/connect/
4m.kgadsoft.com/scarica/
500000wordswithpictures.com/agenzia/
500000wordswithpictures.com/connect/
500000wordswithpictures.com/scarica/
6196109405896.hostingkunde.de/agenzia/
6196109405896.hostingkunde.de/connect/
6196109405896.hostingkunde.de/scarica/
97gp.net/agenzia/
97gp.net/connect/
97gp.net/scarica/
aaplevidyapith.sgbau.ac.in/agenzia/
aaplevidyapith.sgbau.ac.in/connect/
aaplevidyapith.sgbau.ac.in/scarica/
ab.appilogics.info/agenzia/
ab.appilogics.info/connect/
ab.appilogics.info/scarica/
ack-s.ru/agenzia/
ack-s.ru/connect/
ack-s.ru/scarica/
acompanhantescuritiba.org/agenzia/
acompanhantescuritiba.org/connect/
acompanhantescuritiba.org/scarica/
adamic2k8.wave.seedhost.eu/agenzia/
adamic2k8.wave.seedhost.eu/connect/
adamic2k8.wave.seedhost.eu/scarica/
addurltogoogle.com/scarica/
admin-sense.com/agenzia/
admin-sense.com/connect/
admin-sense.com/scarica/
admin.arc-ye.com/scarica/
admin.byte.in.ua/agenzia/
admin.byte.in.ua/connect/
admin.byte.in.ua/scarica/
admincontrol.tabarakschool.com/agenzia/
admincontrol.tabarakschool.com/connect/
admincontrol.tabarakschool.com/scarica/
adrianfesa.es/agenzia/
adrianfesa.es/connect/
adrianfesa.es/scarica/
aiakujundus.ee/agenzia/
aiakujundus.ee/connect/
aiakujundus.ee/scarica/
aij.be/agenzia/
aij.be/connect/
aij.be/scarica/
ajtmr.com/agenzia/
ajtmr.com/connect/
ajtmr.com/scarica/
akb1678.com/agenzia/
akb1678.com/connect/
akb1678.com/scarica/
alakheilizwe.org/agenzia/
alakheilizwe.org/connect/
alakheilizwe.org/scarica/
aldebaran.adm.br/agenzia/
aldebaran.adm.br/connect/
aldebaran.adm.br/scarica/
alemaanwebtv.net/agenzia/
alemaanwebtv.net/connect/
alemaanwebtv.net/scarica/
alfredreinigung.ch/agenzia/
alfredreinigung.ch/connect/
alfredreinigung.ch/scarica/
almahasouq.com/agenzia/
almahasouq.com/connect/
almahasouq.com/scarica/
alumni.esankalp.com/agenzia/
alumni.esankalp.com/connect/
alumni.esankalp.com/scarica/
amomarcenaria.com.br/agenzia/
amomarcenaria.com.br/connect/
amomarcenaria.com.br/scarica/
antacobinhduong.com/agenzia/
antacobinhduong.com/connect/
antacobinhduong.com/scarica/
app.rkhom.in/agenzia/
app.rkhom.in/connect/
app.rkhom.in/scarica/
app2.geodesist.pro/agenzia/
app2.geodesist.pro/connect/
app2.geodesist.pro/scarica/
apphuman.webzeminiprint.in/agenzia/
apphuman.webzeminiprint.in/connect/
apphuman.webzeminiprint.in/scarica/
aracnofa.com.br/agenzia/
aracnofa.com.br/connect/
aracnofa.com.br/scarica/
arbah-tracker.com/agenzia/
arbah-tracker.com/connect/
arbah-tracker.com/scarica/
arbitrag38.ru/agenzia/
arbitrag38.ru/connect/
arbitrag38.ru/scarica/
arkidecture.com/agenzia/
arkidecture.com/connect/
arkidecture.com/scarica/
asaims.co/agenzia/
asaims.co/connect/
asaims.co/scarica/
assessoriapolinya.com/agenzia/
assessoriapolinya.com/connect/
assessoriapolinya.com/scarica/
balneario.tissotodontologia.com.br/agenzia/
balneario.tissotodontologia.com.br/connect/
balneario.tissotodontologia.com.br/scarica/
bancarioscornelio.com.br/agenzia/
bancarioscornelio.com.br/connect/
bancarioscornelio.com.br/scarica/
basic4u.com.tr/agenzia/
basic4u.com.tr/connect/
basic4u.com.tr/scarica/
bayyan.magesticflyer.com/agenzia/
bayyan.magesticflyer.com/connect/
bayyan.magesticflyer.com/scarica/
bayyancharity.click2clock.com/agenzia/
bayyancharity.click2clock.com/connect/
bayyancharity.click2clock.com/scarica/
befizzi.de/agenzia/
befizzi.de/connect/
befizzi.de/scarica/
bestmagento.com/agenzia/
bestmagento.com/connect/
bestmagento.com/scarica/
bloom.paravision.org/agenzia/
bloom.paravision.org/connect/
bloom.paravision.org/scarica/
bmg.edu.vn/agenzia/
bmg.edu.vn/connect/
bmg.edu.vn/scarica/
bobbyarts.com/agenzia/
bobbyarts.com/connect/
bobbyarts.com/scarica/
booking.vhtcomputers.com/agenzia/
booking.vhtcomputers.com/connect/
booking.vhtcomputers.com/scarica/
bprnbp32.com/agenzia/
bprnbp32.com/connect/
bprnbp32.com/scarica/
bracell.latitude.net.br/agenzia/
bracell.latitude.net.br/connect/
bracell.latitude.net.br/scarica/
brasaoprata.com.br/agenzia/
brasaoprata.com.br/connect/
brasaoprata.com.br/scarica/
c1361763.ferozo.com/agenzia/
c1361763.ferozo.com/connect/
c1361763.ferozo.com/scarica/
c2freshwater.co.za/agenzia/
c2freshwater.co.za/connect/
c2freshwater.co.za/scarica/
cabecaplay.com/agenzia/
cabecaplay.com/connect/
cabecaplay.com/scarica/
calemboadvogados.com.br/agenzia/
calemboadvogados.com.br/connect/
calemboadvogados.com.br/scarica/
canadianwomenswellness.ca/agenzia/
canadianwomenswellness.ca/connect/
canadianwomenswellness.ca/scarica/
cargoexpressenvios.com/agenzia/
cargoexpressenvios.com/connect/
cargoexpressenvios.com/scarica/
carusoadvogados.com.br/agenzia/
carusoadvogados.com.br/connect/
carusoadvogados.com.br/scarica/
ccforteza.com/agenzia/
ccforteza.com/connect/
ccforteza.com/scarica/
celiklergoldtasarim.com/agenzia/
celiklergoldtasarim.com/connect/
celiklergoldtasarim.com/scarica/
cfu.twr.mybluehost.me/agenzia/
cfu.twr.mybluehost.me/connect/
cfu.twr.mybluehost.me/scarica/
chothuexetaitphcm.net/agenzia/
chothuexetaitphcm.net/connect/
chothuexetaitphcm.net/scarica/
clinicamomentum.com.br/agenzia/
clinicamomentum.com.br/connect/
clinicamomentum.com.br/scarica/
cliqueebr1.hospedagemdesites.ws/agenzia/
cliqueebr1.hospedagemdesites.ws/connect/
cliqueebr1.hospedagemdesites.ws/scarica/
clubedetirolapua.com.br/agenzia/
clubedetirolapua.com.br/connect/
clubedetirolapua.com.br/scarica/
codeigniter.vhtcomputers.eu/agenzia/
codeigniter.vhtcomputers.eu/connect/
codeigniter.vhtcomputers.eu/scarica/
congtykhoancatbetong.com/agenzia/
congtykhoancatbetong.com/connect/
congtykhoancatbetong.com/scarica/
contest.eway24x7.com/agenzia/
contest.eway24x7.com/connect/
contest.eway24x7.com/scarica/
countrychristmas.ca/agenzia/
countrychristmas.ca/connect/
countrychristmas.ca/scarica/
creativit.fr/agenzia/
creativit.fr/connect/
creativit.fr/scarica/
crsn.com.ar/agenzia/
crsn.com.ar/connect/
crsn.com.ar/scarica/
crystalcoin.cc/agenzia/
crystalcoin.cc/connect/
crystalcoin.cc/scarica/
cuadernospda.net/agenzia/
cuadernospda.net/connect/
cuadernospda.net/scarica/
culinaria-passoapasso.artesanatodosucesso.com/agenzia/
culinaria-passoapasso.artesanatodosucesso.com/connect/
culinaria-passoapasso.artesanatodosucesso.com/scarica/
cxf.jhj.mybluehost.me/agenzia/
cxf.jhj.mybluehost.me/connect/
cxf.jhj.mybluehost.me/scarica/
d7.fajridemo.com/agenzia/
d7.fajridemo.com/connect/
d7.fajridemo.com/scarica/
dailyushistory.com/scarica/
decadesflooring.com/agenzia/
decadesflooring.com/connect/
decadesflooring.com/scarica/
delay.millennial.co.id/agenzia/
delay.millennial.co.id/connect/
delay.millennial.co.id/scarica/
deliciousgreek.ca/agenzia/
deliciousgreek.ca/connect/
deliciousgreek.ca/scarica/
demo.omnitech.co.ug/agenzia/
demo.omnitech.co.ug/connect/
demo.omnitech.co.ug/scarica/
derekludlow.com/agenzia/
derekludlow.com/connect/
derekludlow.com/scarica/
derniertec.in/agenzia/
derniertec.in/connect/
derniertec.in/scarica/
dha6211.synology.me/agenzia/
dha6211.synology.me/connect/
dha6211.synology.me/scarica/
dichvuphanmem.net/agenzia/
dichvuphanmem.net/connect/
dichvuphanmem.net/scarica/
dilsrl.com/agenzia/
dilsrl.com/connect/
dilsrl.com/scarica/
dintani.hol.es/agenzia/
dintani.hol.es/connect/
dintani.hol.es/scarica/
dohrmann-projekt.de/agenzia/
dohrmann-projekt.de/connect/
dohrmann-projekt.de/scarica/
dom.msk.su/agenzia/
dom.msk.su/connect/
dom.msk.su/scarica/
dominionai.org/agenzia/
dominionai.org/connect/
dominionai.org/scarica/
donkeytourscroatia.com/agenzia/
donkeytourscroatia.com/connect/
donkeytourscroatia.com/scarica/
dsoftware.vn/agenzia/
dsoftware.vn/connect/
dsoftware.vn/scarica/
dutulongxuyen.com/agenzia/
dutulongxuyen.com/connect/
dutulongxuyen.com/scarica/
dwf72.go.th/agenzia/
dwf72.go.th/connect/
dwf72.go.th/scarica/
e-gospel.org/agenzia/
e-gospel.org/connect/
e-gospel.org/scarica/
ecofarmcafe.com/agenzia/
ecofarmcafe.com/connect/
ecofarmcafe.com/scarica/
economistasyasesores.com/agenzia/
economistasyasesores.com/connect/
economistasyasesores.com/scarica/
ecwdemo.werthebest.in/agenzia/
ecwdemo.werthebest.in/connect/
ecwdemo.werthebest.in/scarica/
egy.co.in/agenzia/
egy.co.in/connect/
egy.co.in/scarica/
ekoloji.eleganzaajans.com/agenzia/
ekoloji.eleganzaajans.com/connect/
ekoloji.eleganzaajans.com/scarica/
elearning.bdgsa.net/agenzia/
elearning.bdgsa.net/connect/
elearning.bdgsa.net/scarica/
elevecosmeticos.com.br/agenzia/
elevecosmeticos.com.br/connect/
elevecosmeticos.com.br/scarica/
embedone.com/scarica/
emprestimo.profissional.ws/agenzia/
emprestimo.profissional.ws/connect/
emprestimo.profissional.ws/scarica/
eraport.dfirma.pl/agenzia/
eraport.dfirma.pl/connect/
eraport.dfirma.pl/scarica/
ercyazilim.com/agenzia/
ercyazilim.com/connect/
ercyazilim.com/scarica/
espmweb.org/agenzia/
espmweb.org/connect/
espmweb.org/scarica/
estudio.ythan.com.br/agenzia/
estudio.ythan.com.br/connect/
estudio.ythan.com.br/scarica/
eurooknamsk.ru/agenzia/
eurooknamsk.ru/connect/
eurooknamsk.ru/scarica/
evolve-adv.com/agenzia/
evolve-adv.com/connect/
evolve-adv.com/scarica/
evrookna.spb.ru/agenzia/
evrookna.spb.ru/connect/
evrookna.spb.ru/scarica/
facilitaterceiri1.hospedagemdesites.ws/agenzia/
facilitaterceiri1.hospedagemdesites.ws/connect/
facilitaterceiri1.hospedagemdesites.ws/scarica/
facilite.profissional.ws/agenzia/
facilite.profissional.ws/connect/
facilite.profissional.ws/scarica/
fidelizza.desarrollojm.com/agenzia/
fidelizza.desarrollojm.com/connect/
fidelizza.desarrollojm.com/scarica/
fingertips.hk/agenzia/
fingertips.hk/connect/
fingertips.hk/scarica/
fossy11.gyges.feralhosting.com/agenzia/
fossy11.gyges.feralhosting.com/connect/
fossy11.gyges.feralhosting.com/scarica/
fretco.lebonplus.com/agenzia/
fretco.lebonplus.com/connect/
fretco.lebonplus.com/scarica/
gabyagozetim.com/agenzia/
gabyagozetim.com/connect/
gabyagozetim.com/scarica/
gapegape.co.za/agenzia/
gapegape.co.za/connect/
gapegape.co.za/scarica/
gayprider.com/agenzia/
gayprider.com/connect/
gayprider.com/scarica/
georgesghantous.com/agenzia/
georgesghantous.com/connect/
georgesghantous.com/scarica/
georgesnfrem.org/agenzia/
georgesnfrem.org/connect/
georgesnfrem.org/scarica/
giaxe-mitsubishi.vn/agenzia/
giaxe-mitsubishi.vn/connect/
giaxe-mitsubishi.vn/scarica/
globallaborsupply.com/agenzia/
globallaborsupply.com/connect/
globallaborsupply.com/scarica/
gmhealthcare.dothome.co.kr/agenzia/
gmhealthcare.dothome.co.kr/connect/
gmhealthcare.dothome.co.kr/scarica/
gplongxuyen.org/agenzia/
gplongxuyen.org/connect/
gplongxuyen.org/scarica/
gprotech.com.br/agenzia/
gprotech.com.br/connect/
gprotech.com.br/scarica/
gptrade.nazwa.pl/agenzia/
gptrade.nazwa.pl/connect/
gptrade.nazwa.pl/scarica/
granadoemurahara1.hospedagemdesites.ws/agenzia/
granadoemurahara1.hospedagemdesites.ws/connect/
granadoemurahara1.hospedagemdesites.ws/scarica/
greek-stresser.com/scarica/
guvencecelik.com/agenzia/
guvencecelik.com/connect/
guvencecelik.com/scarica/
habeco-p.vn/agenzia/
habeco-p.vn/connect/
habeco-p.vn/scarica/
hallmapping.com/agenzia/
hallmapping.com/connect/
hallmapping.com/scarica/
halofigures.net/agenzia/
halofigures.net/connect/
halofigures.net/scarica/
hash2.muzeed.com/agenzia/
hash2.muzeed.com/connect/
hash2.muzeed.com/scarica/
hdstatusvideos.com/agenzia/
hdstatusvideos.com/connect/
hdstatusvideos.com/scarica/
hipotesis.uy/agenzia/
hipotesis.uy/connect/
hipotesis.uy/scarica/
hotweazel.com/agenzia/
hotweazel.com/connect/
hotweazel.com/scarica/
hscor.saude.ws/agenzia/
hscor.saude.ws/connect/
hscor.saude.ws/scarica/
hygeiaindia.biz/agenzia/
hygeiaindia.biz/connect/
hygeiaindia.biz/scarica/
idrissischool.edu.my/agenzia/
idrissischool.edu.my/connect/
idrissischool.edu.my/scarica/
image-thaihometown.com/agenzia/
image-thaihometown.com/connect/
image-thaihometown.com/scarica/
immosaturn.com/agenzia/
immosaturn.com/connect/
immosaturn.com/scarica/
inditec.com.br/agenzia/
inditec.com.br/connect/
inditec.com.br/scarica/
inmobiliariarostagno.com/agenzia/
inmobiliariarostagno.com/connect/
inmobiliariarostagno.com/scarica/
inrecom.com/agenzia/
inrecom.com/connect/
inrecom.com/scarica/
insights.dothome.co.kr/agenzia/
insights.dothome.co.kr/connect/
insights.dothome.co.kr/scarica/
institut-corps-a-ligne.fr/agenzia/
institut-corps-a-ligne.fr/connect/
institut-corps-a-ligne.fr/scarica/
institutozoe.empresarial.ws/agenzia/
institutozoe.empresarial.ws/connect/
institutozoe.empresarial.ws/scarica/
interaccion.com.uy/scarica/
inventorymanagement.reliablesolution.in/agenzia/
inventorymanagement.reliablesolution.in/connect/
inventorymanagement.reliablesolution.in/scarica/
iprovietnam.com/agenzia/
iprovietnam.com/connect/
iprovietnam.com/scarica/
ir1964.nichost.ru/agenzia/
ir1964.nichost.ru/connect/
ir1964.nichost.ru/scarica/
isolution.lk/agenzia/
isolution.lk/connect/
isolution.lk/scarica/
italmaticgroup.com/agenzia/
italmaticgroup.com/connect/
italmaticgroup.com/scarica/
itsacb.win/agenzia/
itsacb.win/connect/
itsacb.win/scarica/
itsghp.com/agenzia/
itsghp.com/connect/
itsghp.com/scarica/
iwant.hu/agenzia/
iwant.hu/connect/
iwant.hu/scarica/
izquierdacristiana.net/agenzia/
izquierdacristiana.net/connect/
izquierdacristiana.net/scarica/
jaccolima.com/agenzia/
jaccolima.com/connect/
jaccolima.com/scarica/
jadhaoagroinds.com/agenzia/
jadhaoagroinds.com/connect/
jadhaoagroinds.com/scarica/
janisthaaivf.com/agenzia/
janisthaaivf.com/connect/
janisthaaivf.com/scarica/
jensin.com.vn/agenzia/
jensin.com.vn/connect/
jensin.com.vn/scarica/
jlsvvc.org.mx/agenzia/
jlsvvc.org.mx/connect/
jlsvvc.org.mx/scarica/
jobvoo.com/agenzia/
jobvoo.com/connect/
jobvoo.com/scarica/
jornalnovaepoca.com.br/agenzia/
jornalnovaepoca.com.br/connect/
jornalnovaepoca.com.br/scarica/
kd-p.ac.th/agenzia/
kd-p.ac.th/connect/
kd-p.ac.th/scarica/
kdecounivers.fr/agenzia/
kdecounivers.fr/connect/
kdecounivers.fr/scarica/
kelaskan.com/agenzia/
kelaskan.com/connect/
kelaskan.com/scarica/
khoancatbetongtphcm.net/agenzia/
khoancatbetongtphcm.net/connect/
khoancatbetongtphcm.net/scarica/
kiengiang24h.com/agenzia/
kiengiang24h.com/connect/
kiengiang24h.com/scarica/
kitdigital.tecoinfor.com/agenzia/
kitdigital.tecoinfor.com/connect/
kitdigital.tecoinfor.com/scarica/
kolontari.synology.me/agenzia/
kolontari.synology.me/connect/
kolontari.synology.me/scarica/
kzlegacy.com/agenzia/
kzlegacy.com/connect/
kzlegacy.com/scarica/
lanair.com.br/agenzia/
lanair.com.br/connect/
lanair.com.br/scarica/
lanrungnamtau.com/agenzia/
lanrungnamtau.com/connect/
lanrungnamtau.com/scarica/
lappyslodge.com/agenzia/
lappyslodge.com/connect/
lappyslodge.com/scarica/
lavacolla.com/agenzia/
lavacolla.com/connect/
lavacolla.com/scarica/
leadcrmapp.com/agenzia/
leadcrmapp.com/connect/
leadcrmapp.com/scarica/
lebuffet.com.tn/agenzia/
lebuffet.com.tn/connect/
lebuffet.com.tn/scarica/
llantasbenitez.com/agenzia/
llantasbenitez.com/connect/
llantasbenitez.com/scarica/
lms.mahdaviat.ir/agenzia/
lms.mahdaviat.ir/connect/
lms.mahdaviat.ir/scarica/
lorimagazine.com/scarica/
lotemoclubrificantes.com.br/agenzia/
lotemoclubrificantes.com.br/connect/
lotemoclubrificantes.com.br/scarica/
lotuskshetri.com.np/agenzia/
lotuskshetri.com.np/connect/
lotuskshetri.com.np/scarica/
lucas-tilsner.de/agenzia/
lucas-tilsner.de/connect/
lucas-tilsner.de/scarica/
m-ainsurance.com/agenzia/
m-ainsurance.com/connect/
m-ainsurance.com/scarica/
macro.nyc/agenzia/
macro.nyc/connect/
macro.nyc/scarica/
mail.northjerseysinuscenter.com/agenzia/
mail.northjerseysinuscenter.com/connect/
mail.northjerseysinuscenter.com/scarica/
map.famillericci.com/agenzia/
map.famillericci.com/connect/
map.famillericci.com/scarica/
masterjax.com/agenzia/
masterjax.com/connect/
masterjax.com/scarica/
matchtranslations.com/agenzia/
matchtranslations.com/connect/
matchtranslations.com/scarica/
medcar.com.tn/agenzia/
medcar.com.tn/connect/
medcar.com.tn/scarica/
medicalbillingandtelehealth.com/agenzia/
medicalbillingandtelehealth.com/connect/
medicalbillingandtelehealth.com/scarica/
medktech.com/agenzia/
medktech.com/connect/
medktech.com/scarica/
meiieco.fr/agenzia/
meiieco.fr/connect/
meiieco.fr/scarica/
mekatronika.poltekom.ac.id/agenzia/
mekatronika.poltekom.ac.id/connect/
mekatronika.poltekom.ac.id/scarica/
minimeagency.de/agenzia/
minimeagency.de/connect/
minimeagency.de/scarica/
mms.26mai.net/agenzia/
mms.26mai.net/connect/
mms.26mai.net/scarica/
moodle.corplearning.net/agenzia/
moodle.corplearning.net/connect/
moodle.corplearning.net/scarica/
mosweb.mosyazilim.com/agenzia/
mosweb.mosyazilim.com/connect/
mosweb.mosyazilim.com/scarica/
movidoc.com.br/agenzia/
movidoc.com.br/connect/
movidoc.com.br/scarica/
moviesuccess.hostoise.com/agenzia/
moviesuccess.hostoise.com/connect/
moviesuccess.hostoise.com/scarica/
msbestservice.com/agenzia/
msbestservice.com/connect/
msbestservice.com/scarica/
msgismakineleri.com/agenzia/
msgismakineleri.com/connect/
msgismakineleri.com/scarica/
munillusco.gob.pe/agenzia/
munillusco.gob.pe/connect/
munillusco.gob.pe/scarica/
mxgo.com.br/agenzia/
mxgo.com.br/connect/
mxgo.com.br/scarica/
nacasadojardim.com.br/agenzia/
nacasadojardim.com.br/connect/
nacasadojardim.com.br/scarica/
narayanahomeopathy.com/agenzia/
narayanahomeopathy.com/connect/
narayanahomeopathy.com/scarica/
nbbgarden.vn/agenzia/
nbbgarden.vn/connect/
nbbgarden.vn/scarica/
newinvestingonline.com/agenzia/
newinvestingonline.com/connect/
newinvestingonline.com/scarica/
ngarengan.com/agenzia/
ngarengan.com/connect/
ngarengan.com/scarica/
nhachannuoi.vn/agenzia/
nhachannuoi.vn/connect/
nhachannuoi.vn/scarica/
nhatheptienchebinhduong.com/agenzia/
nhatheptienchebinhduong.com/connect/
nhatheptienchebinhduong.com/scarica/
noclegiwiele.pl/agenzia/
noclegiwiele.pl/connect/
noclegiwiele.pl/scarica/
noithatxuanchien.com/agenzia/
noithatxuanchien.com/connect/
noithatxuanchien.com/scarica/
nonsoloshopper.net/agenzia/
nonsoloshopper.net/connect/
nonsoloshopper.net/scarica/
notaire-gay-friendly.fr/agenzia/
notaire-gay-friendly.fr/connect/
notaire-gay-friendly.fr/scarica/
novak-home.com/agenzia/
novak-home.com/connect/
novak-home.com/scarica/
numbersolution.in/agenzia/
numbersolution.in/connect/
numbersolution.in/scarica/
nutricionista1.agenciasafiraweb.ml/scarica/
okatahscloset.gm/agenzia/
okatahscloset.gm/connect/
okatahscloset.gm/scarica/
oknaoptima24.ru/agenzia/
oknaoptima24.ru/connect/
oknaoptima24.ru/scarica/
oneweekday.com/agenzia/
oneweekday.com/connect/
oneweekday.com/scarica/
ong-rafaa.org/agenzia/
ong-rafaa.org/connect/
ong-rafaa.org/scarica/
onlinedcus.com/agenzia/
onlinedcus.com/connect/
onlinedcus.com/scarica/
onppe.dz/agenzia/
onppe.dz/connect/
onppe.dz/scarica/
openar.me/agenzia/
openar.me/connect/
openar.me/scarica/
opencart.notebookparcalari.com/agenzia/
opencart.notebookparcalari.com/connect/
opencart.notebookparcalari.com/scarica/
operagarden.com.tr/agenzia/
operagarden.com.tr/connect/
operagarden.com.tr/scarica/
ora.ci/agenzia/
ora.ci/connect/
ora.ci/scarica/
organizer.safeonline.it/agenzia/
organizer.safeonline.it/connect/
organizer.safeonline.it/scarica/
overdose-art.com/agenzia/
overdose-art.com/connect/
overdose-art.com/scarica/
ox000603.ferozo.com/agenzia/
ox000603.ferozo.com/connect/
ox000603.ferozo.com/scarica/
ozyilmazelektrik.com/agenzia/
ozyilmazelektrik.com/connect/
ozyilmazelektrik.com/scarica/
panelinbeles.elittvplayer.com/agenzia/
panelinbeles.elittvplayer.com/connect/
panelinbeles.elittvplayer.com/scarica/
pasta-rada.ch/agenzia/
pasta-rada.ch/connect/
pasta-rada.ch/scarica/
peacepillars.org/agenzia/
peacepillars.org/connect/
peacepillars.org/scarica/
pentagonopublicidade.com.br/agenzia/
pentagonopublicidade.com.br/connect/
pentagonopublicidade.com.br/scarica/
pgn-dkppsby.com/agenzia/
pgn-dkppsby.com/connect/
pgn-dkppsby.com/scarica/
phancharat.lab.cvc.ac.th/agenzia/
phancharat.lab.cvc.ac.th/connect/
phancharat.lab.cvc.ac.th/scarica/
physio-performance.at/agenzia/
physio-performance.at/connect/
physio-performance.at/scarica/
pomkaew.ac.th/agenzia/
pomkaew.ac.th/connect/
pomkaew.ac.th/scarica/
pooramkuries.com/agenzia/
pooramkuries.com/connect/
pooramkuries.com/scarica/
portosegurosafet1.hospedagemdesites.ws/agenzia/
portosegurosafet1.hospedagemdesites.ws/connect/
portosegurosafet1.hospedagemdesites.ws/scarica/
potolki-razumno.ru/agenzia/
potolki-razumno.ru/connect/
potolki-razumno.ru/scarica/
ppkhosp.go.th/agenzia/
ppkhosp.go.th/connect/
ppkhosp.go.th/scarica/
primusth.com/agenzia/
primusth.com/connect/
primusth.com/scarica/
proaug.com/agenzia/
proaug.com/connect/
proaug.com/scarica/
projecto.profissional.ws/agenzia/
projecto.profissional.ws/connect/
projecto.profissional.ws/scarica/
puwasit.lab.cvc.ac.th/agenzia/
puwasit.lab.cvc.ac.th/connect/
puwasit.lab.cvc.ac.th/scarica/
qa.ncompassmkt.com/agenzia/
qa.ncompassmkt.com/connect/
qa.ncompassmkt.com/scarica/
qotube.com/scarica/
qrroom.com/agenzia/
qrroom.com/connect/
qrroom.com/scarica/
ranjanhealthcare.com/agenzia/
ranjanhealthcare.com/connect/
ranjanhealthcare.com/scarica/
rayzahna.com/scarica/
rbo-kfz.de/agenzia/
rbo-kfz.de/connect/
rbo-kfz.de/scarica/
reasonartit.com/agenzia/
reasonartit.com/connect/
reasonartit.com/scarica/
records.dennisign.se/agenzia/
records.dennisign.se/connect/
records.dennisign.se/scarica/
rektor.itbi.ac.id/agenzia/
rektor.itbi.ac.id/connect/
rektor.itbi.ac.id/scarica/
remar-mali.org/agenzia/
remar-mali.org/connect/
remar-mali.org/scarica/
renacer.jgorange.com/agenzia/
renacer.jgorange.com/connect/
renacer.jgorange.com/scarica/
riderspin.com/agenzia/
riderspin.com/connect/
riderspin.com/scarica/
robuxgenerator.today/agenzia/
robuxgenerator.today/connect/
robuxgenerator.today/scarica/
rpm4music.com/agenzia/
rpm4music.com/connect/
rpm4music.com/scarica/
rpperformance.com.br/agenzia/
rpperformance.com.br/connect/
rpperformance.com.br/scarica/
sandonet.es/agenzia/
sandonet.es/connect/
sandonet.es/scarica/
santavecina.com.ar/agenzia/
santavecina.com.ar/connect/
santavecina.com.ar/scarica/
saukpgp.ru/agenzia/
saukpgp.ru/connect/
saukpgp.ru/scarica/
schoonheidsspecialiste-ank.be/agenzia/
schoonheidsspecialiste-ank.be/connect/
schoonheidsspecialiste-ank.be/scarica/
scwebtech4u.com/agenzia/
scwebtech4u.com/connect/
scwebtech4u.com/scarica/
senderolunarejo.com/agenzia/
senderolunarejo.com/connect/
senderolunarejo.com/scarica/
server434633.nazwa.pl/agenzia/
server434633.nazwa.pl/connect/
server434633.nazwa.pl/scarica/
server512758.nazwa.pl/agenzia/
server512758.nazwa.pl/connect/
server512758.nazwa.pl/scarica/
server850010.nazwa.pl/agenzia/
server850010.nazwa.pl/connect/
server850010.nazwa.pl/scarica/
serwer132581.lh.pl/agenzia/
serwer132581.lh.pl/connect/
serwer132581.lh.pl/scarica/
severo.pt/agenzia/
severo.pt/connect/
severo.pt/scarica/
sherryanneinteriors.com/agenzia/
sherryanneinteriors.com/connect/
sherryanneinteriors.com/scarica/
shomasoft.ir/agenzia/
shomasoft.ir/connect/
shomasoft.ir/scarica/
siennaboutique.fr/agenzia/
siennaboutique.fr/connect/
siennaboutique.fr/scarica/
sirenasultana.com/agenzia/
sirenasultana.com/connect/
sirenasultana.com/scarica/
sirinatpetrol.com/agenzia/
sirinatpetrol.com/connect/
sirinatpetrol.com/scarica/
sirinatservis.com/agenzia/
sirinatservis.com/connect/
sirinatservis.com/scarica/
sistema.rental.aju.br/agenzia/
sistema.rental.aju.br/connect/
sistema.rental.aju.br/scarica/
sistemvirtual.com.br/agenzia/
sistemvirtual.com.br/connect/
sistemvirtual.com.br/scarica/
site.2sdata.ma/agenzia/
site.2sdata.ma/connect/
site.2sdata.ma/scarica/
smalltown.in/agenzia/
smalltown.in/connect/
smalltown.in/scarica/
smpnuruliman.xyz/agenzia/
smpnuruliman.xyz/connect/
smpnuruliman.xyz/scarica/
sms.essmatrix.in/agenzia/
sms.essmatrix.in/connect/
sms.essmatrix.in/scarica/
softkeyautomacao.com.br/agenzia/
softkeyautomacao.com.br/connect/
softkeyautomacao.com.br/scarica/
softonn.com/agenzia/
softonn.com/connect/
softonn.com/scarica/
solidaritewalo.org/agenzia/
solidaritewalo.org/connect/
solidaritewalo.org/scarica/
solonotizie.com/agenzia/
solonotizie.com/connect/
solonotizie.com/scarica/
solthor.dk/agenzia/
solthor.dk/connect/
solthor.dk/scarica/
solutionsindicancia.com.br/agenzia/
solutionsindicancia.com.br/connect/
solutionsindicancia.com.br/scarica/
somautomotivorj.com.br/agenzia/
somautomotivorj.com.br/connect/
somautomotivorj.com.br/scarica/
spaziosei.it/agenzia/
spaziosei.it/connect/
spaziosei.it/scarica/
spst.hqup.in/agenzia/
spst.hqup.in/connect/
spst.hqup.in/scarica/
srsorvete.com.br/agenzia/
srsorvete.com.br/connect/
srsorvete.com.br/scarica/
startup-guyane.tech/agenzia/
startup-guyane.tech/connect/
startup-guyane.tech/scarica/
suakhoaketsattphcm.com/agenzia/
suakhoaketsattphcm.com/connect/
suakhoaketsattphcm.com/scarica/
suatanbinhduong.vn/agenzia/
suatanbinhduong.vn/connect/
suatanbinhduong.vn/scarica/
sungco.com.vn/agenzia/
sungco.com.vn/connect/
sungco.com.vn/scarica/
sutek.vn/agenzia/
sutek.vn/connect/
sutek.vn/scarica/
syntaxti.com.br/agenzia/
syntaxti.com.br/connect/
syntaxti.com.br/scarica/
tactical-pineapplez.com/agenzia/
tactical-pineapplez.com/connect/
tactical-pineapplez.com/scarica/
teammicrosoftindia.com/agenzia/
teammicrosoftindia.com/connect/
teammicrosoftindia.com/scarica/
techcusp.com/agenzia/
techcusp.com/connect/
techcusp.com/scarica/
teleconcepts.net/agenzia/
teleconcepts.net/connect/
teleconcepts.net/scarica/
test.earborist.com/agenzia/
test.earborist.com/connect/
test.earborist.com/scarica/
test.kangooroo-re.com/agenzia/
test.kangooroo-re.com/connect/
test.kangooroo-re.com/scarica/
the9thplayer.com/agenzia/
the9thplayer.com/connect/
the9thplayer.com/scarica/
thegioibanghieu.net/agenzia/
thegioibanghieu.net/connect/
thegioibanghieu.net/scarica/
thegrand-manhattan.vn/agenzia/
thegrand-manhattan.vn/connect/
thegrand-manhattan.vn/scarica/
threerosesbeauty.com/agenzia/
threerosesbeauty.com/connect/
threerosesbeauty.com/scarica/
tienda.museosdelbancocentral.org/agenzia/
tienda.museosdelbancocentral.org/connect/
tienda.museosdelbancocentral.org/scarica/
timediazm.com/agenzia/
timediazm.com/connect/
timediazm.com/scarica/
tipskinghk.com/agenzia/
tipskinghk.com/connect/
tipskinghk.com/scarica/
tjsai.ch/agenzia/
tjsai.ch/connect/
tjsai.ch/scarica/
tm-women.ca/agenzia/
tm-women.ca/connect/
tm-women.ca/scarica/
tpaitbindonesia.itbi.ac.id/agenzia/
tpaitbindonesia.itbi.ac.id/connect/
tpaitbindonesia.itbi.ac.id/scarica/
tpmconceptsa.ch/agenzia/
tpmconceptsa.ch/connect/
tpmconceptsa.ch/scarica/
tratada.com.br/agenzia/
tratada.com.br/connect/
tratada.com.br/scarica/
triquetratrust.org/agenzia/
triquetratrust.org/connect/
triquetratrust.org/scarica/
trungtambaohanhmaylanh.com/agenzia/
trungtambaohanhmaylanh.com/connect/
trungtambaohanhmaylanh.com/scarica/
twu-hwt.org/agenzia/
twu-hwt.org/connect/
twu-hwt.org/scarica/
u9369287208.iransofttools.ir/agenzia/
u9369287208.iransofttools.ir/connect/
u9369287208.iransofttools.ir/scarica/
uecn3165.odns.fr/agenzia/
uecn3165.odns.fr/connect/
uecn3165.odns.fr/scarica/
unacam.ong.br/agenzia/
unacam.ong.br/connect/
unacam.ong.br/scarica/
unapromo.com/agenzia/
unapromo.com/connect/
unapromo.com/scarica/
unimac.paravision.org/agenzia/
unimac.paravision.org/connect/
unimac.paravision.org/scarica/
unionesduraderas.com/agenzia/
unionesduraderas.com/connect/
unionesduraderas.com/scarica/
unioneterna.com/agenzia/
unioneterna.com/connect/
unioneterna.com/scarica/
utoburg.ch/agenzia/
utoburg.ch/connect/
utoburg.ch/scarica/
utparral.edu.mx/agenzia/
utparral.edu.mx/connect/
utparral.edu.mx/scarica/
vattutuoi.vn/agenzia/
vattutuoi.vn/connect/
vattutuoi.vn/scarica/
vcecomputer.com/agenzia/
vcecomputer.com/connect/
vcecomputer.com/scarica/
veresgamou.gr/agenzia/
veresgamou.gr/connect/
veresgamou.gr/scarica/
veterantimespk.art/agenzia/
veterantimespk.art/connect/
veterantimespk.art/scarica/
vhtcomputers.eu/agenzia/
vhtcomputers.eu/connect/
vhtcomputers.eu/scarica/
via-jes.com/agenzia/
via-jes.com/connect/
via-jes.com/scarica/
villanyzsolti.hu/agenzia/
villanyzsolti.hu/connect/
villanyzsolti.hu/scarica/
volver.timgoz.com.br/agenzia/
volver.timgoz.com.br/connect/
volver.timgoz.com.br/scarica/
votre-futur-site.com/agenzia/
votre-futur-site.com/connect/
votre-futur-site.com/scarica/
votre-futur-site.fr/agenzia/
votre-futur-site.fr/connect/
votre-futur-site.fr/scarica/
vps120304.vps.ovh.ca/agenzia/
vps120304.vps.ovh.ca/connect/
vps120304.vps.ovh.ca/scarica/
vxcomunicacao.com/agenzia/
vxcomunicacao.com/connect/
vxcomunicacao.com/scarica/
w1072207.checkdomain.net/agenzia/
w1072207.checkdomain.net/connect/
w1072207.checkdomain.net/scarica/
weltenergia1.hospedagemdesites.ws/agenzia/
weltenergia1.hospedagemdesites.ws/connect/
weltenergia1.hospedagemdesites.ws/scarica/
westerntasa.com/agenzia/
westerntasa.com/connect/
westerntasa.com/scarica/
williemcbrides.com/agenzia/
williemcbrides.com/connect/
williemcbrides.com/scarica/
winpos.sitoplan.com/agenzia/
winpos.sitoplan.com/connect/
winpos.sitoplan.com/scarica/
woilatam.com/agenzia/
woilatam.com/connect/
woilatam.com/scarica/
wonderkids-itsacademic.com/scarica/
wzamowieniach.pl/agenzia/
wzamowieniach.pl/connect/
wzamowieniach.pl/scarica/
xmanager.in/agenzia/
xmanager.in/connect/
xmanager.in/scarica/
zero.cs.ubru.ac.th/agenzia/
zero.cs.ubru.ac.th/connect/
zero.cs.ubru.ac.th/scarica/
zoltan-acs.com/scarica/
zsrest.com/agenzia/
zsrest.com/connect/
zsrest.com/scarica/

# Reference: https://twitter.com/JAMESWT_MHT/status/1636009899829215234
# Reference: https://twitter.com/JAMESWT_MHT/status/1636011206837256192

http://109.248.11.163
http://109.248.11.166
/agenzia/server.exe
/scarica/server.exe

# Reference: https://twitter.com/JAMESWT_MHT/status/1636295280164257794
# Reference: https://twitter.com/reecdeep/status/1636315491227631618

http://15.204.49.218
http://31.172.83.231
http://85.208.107.19
http://91.215.85.172
http://94.140.115.47
dentath.com
kdnr.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1637767016692973570

http://109.248.11.184
http://109.248.11.186
http://109.248.11.187
http://109.248.11.189
http://185.68.93.7
http://193.233.175.113
http://212.109.218.26
http://62.173.142.81

# Reference: https://twitter.com/JAMESWT_MHT/status/1638126843466338306
# Reference: https://twitter.com/reecdeep/status/1638134135955808258
# Reference: https://www.virustotal.com/gui/ip-address/146.70.155.200/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.202/relations

http://91.215.85.201
http://91.215.85.202
fattndl.site
lookingerty.com
scyfalles.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1638443684122198016

http://109.248.11.217
http://109.248.11.226
http://109.248.11.227
http://212.109.218.151
http://5.44.45.83
http://62.173.142.50

# Reference: https://twitter.com/reecdeep/status/1638498403419054080

http://109.248.11.185
http://212.109.218.151
http://212.109.218.28
http://217.12.207.14
http://31.41.44.47
http://5.34.176.235
http://5.44.45.249
http://5.44.45.83
http://62.173.142.50
http://62.173.142.82

# Reference: https://twitter.com/JAMESWT_MHT/status/1638861216700416001

http://109.248.11.191
http://109.248.11.192
http://109.248.11.193
centarial.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1639161112405975042
# Reference: https://twitter.com/reecdeep/status/1639173997265928193

http://185.68.93.20
http://193.233.175.115
http://195.123.211.112
http://31.41.44.117
http://45.140.167.95
http://45.89.189.6
http://46.8.19.242
http://46.8.19.44
http://46.8.210.133
http://46.8.210.86
http://62.173.140.250
http://62.173.141.28

# Reference: https://twitter.com/JAMESWT_MHT/status/1639529108487979008

http://109.248.11.225
http://46.8.210.91

# Reference: https://twitter.com/JAMESWT_MHT/status/1641002609765916672
# Reference: https://twitter.com/JAMESWT_MHT/status/1641012355214524417
# Reference: https://twitter.com/reecdeep/status/1641012275594100737

http://91.215.85.186
http://91.215.85.204
http://94.140.114.159
http://94.140.115.47
dobcia.com
oqdomain.com

# Reference: https://www.virustotal.com/gui/file/844fbae04b94b5b219d77728c2b3a157409b89fc544a1ca99a845676b6a39a61/detection

ijduwhsbvk.com
siwdmfkshsgw.com

# Reference: https://twitter.com/k3dg3/status/1650847842980843524

http://176.10.111.111
http://176.10.111.119
http://176.10.111.233
http://185.212.44.146
http://31.214.157.160
http://45.11.180.140
http://45.155.249.200
http://45.155.250.216
http://45.155.250.217
http://91.241.93.192

# Reference: https://twitter.com/_brettfitz/status/1650937492114120724
# Reference: https://twitter.com/_brettfitz/status/1650945321642389519
# Reference: https://www.virustotal.com/gui/file/0d852ec934893d3e489031b070af02c6129ab9303f939210b79d229a355f90bf/detection

http://194.58.102.187
http://194.58.97.42
http://45.130.147.89
http://45.147.200.47
http://45.91.8.121
iujdhsndjfksp.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1651511438542872576
# Reference: https://twitter.com/reecdeep/status/1651520883486257153
# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.83/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.204/relations
# Reference: https://app.any.run/tasks/21cb6b50-88b4-4e14-9618-2fec59d8a749/
# Reference: https://www.virustotal.com/gui/file/cb652995b061a5269f7e4f51a01c2282108c307fcddd043a0d8ceae29c795cff/detection

http://91.215.85.222
http://94.140.115.190
debosod.com
fastyray.com
finersmash.com
secnutis.com
teseblue.com
whoperla.com

# Reference: https://twitter.com/pollo290987/status/1654366770445074432

http://185.212.47.59
http://31.214.157.31
http://77.73.131.105
http://79.132.128.116

# Reference: https://www.virustotal.com/gui/file/2e5118d15a18ae852bf94d91707ff634d9d8354fef492f5c4e1c46b9cf96184c/detection
# Reference: https://www.virustotal.com/gui/file/5657bb527b62a7a83fb6542f2f80f50d0574dfa0b26a26ff26deb9029687b19a/detection

jkdoiloooooo1.nl
nkdlooooalksloooo.nl
/hjskllooo/

# Reference: https://www.bridewell.com/insights/news/detail/hunting-for-ursnif
# Reference: https://www.virustotal.com/gui/ip-address/185.14.45.80/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.186.245.42/relations

2hrbjc.xyz
5icvzwz.xyz
8hak4j.xyz
dc3txd.xyz
jhzzj3.xyz
s28bxcw.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.isfb/

http://143.198.56.58
http://176.10.119.51
http://185.186.245.130
http://185.186.245.22
http://193.56.146.148
http://194.76.225.45
http://194.76.225.49
http://195.123.212.132
http://31.207.46.125
http://31.41.44.51
http://37.120.239.178
http://45.153.230.139
http://46.8.210.82
http://62.173.138.6
http://67.43.234.14
http://82.118.22.245
http://89.116.227.15
http://89.117.37.146
http://89.41.26.90
http://89.41.26.93
http://89.44.9.150
109.230.199.110:443
109.230.199.174:443
109.230.199.248:443
109.248.11.145:443
109.248.11.162:445
109.248.11.163:445
109.248.11.164:445
109.248.11.166:445
109.248.11.186:445
109.248.11.187:445
109.248.11.189:445
109.248.11.191:445
109.248.11.192:445
109.248.11.193:445
109.248.11.225:445
109.248.11.226:445
109.248.11.227:445
109.248.201.1:443
109.94.209.203:443
146.70.113.161:443
15.204.49.218:443
157.254.194.151:443
157.254.195.117:443
159.100.30.187:443
170.130.165.182:443
170.130.55.65:443
176.10.111.111:443
176.10.111.112:443
176.10.111.119:443
176.10.111.134:443
176.10.111.159:443
176.10.111.160:443
176.10.118.153:443
176.10.118.167:443
176.10.119.217:443
176.10.125.84:443
185.142.99.102:443
185.143.221.37:443
185.158.248.100:443
185.158.248.184:443
185.158.251.26:443
185.18.55.106:443
185.186.244.108:443
185.186.244.168:443
185.186.245.42:443
185.186.245.51:443
185.189.151.126:443
185.189.151.38:443
185.189.151.61:443
185.212.44.146:443
185.212.44.76:443
185.212.44.83:443
185.212.47.59:443
185.31.160.197:443
185.31.160.229:445
185.60.134.154:443
185.63.191.187:443
185.68.93.25:443
185.82.219.58:443
185.90.162.33:443
191.96.251.201:443
193.0.178.141:443
193.0.178.237:445
193.142.58.181:443
193.233.175.111:443
193.233.175.18:443
193.233.175.99:445
193.29.104.75:443
193.29.104.92:443
193.56.255.176:443
194.116.162.13:443
194.116.162.14:445
194.116.163.130:443
194.58.109.246:443
194.58.97.42:443
194.76.224.223:443
194.76.224.95:443
194.76.225.141:443
194.76.225.88:443
194.76.227.159:443
195.123.211.112:443
195.123.219.199:443
195.62.53.109:443
199.192.20.142:80
23.106.124.232:443
23.227.202.77:443
23.95.0.100:443
31.172.83.231:443
31.214.157.160:443
31.214.157.31:443
31.41.44.106:443
31.41.44.108:443
31.41.44.109:445
31.41.44.110:445
31.41.44.111:443
31.41.44.122:443
31.41.44.153:445
31.41.44.154:445
31.41.44.156:443
31.41.44.179:443
31.41.44.184:443
31.41.44.185:443
31.41.44.23:443
31.41.44.36:443
31.41.44.76:443
31.41.44.92:443
37.10.71.114:443
37.120.222.178:443
37.120.222.188:443
45.11.180.140:443
45.11.181.122:443
45.11.182.165:443
45.11.182.30:443
45.11.183.24:443
45.128.185.33:443
45.130.147.89:443
45.147.200.47:443
45.155.249.200:443
45.155.249.227:443
45.155.249.229:443
45.155.249.47:443
45.155.249.49:443
45.155.250.216:443
45.155.250.217:443
45.155.250.246:443
45.155.250.55:443
45.67.230.16:443
45.89.189.7:443
45.89.67.190:443
46.8.19.120:445
46.8.19.215:443
46.8.19.235:445
46.8.19.242:445
46.8.210.12:445
46.8.210.140:443
46.8.210.143:443
46.8.210.156:443
46.8.210.168:443
46.8.210.177:443
46.8.210.192:443
46.8.210.26:445
46.8.210.28:445
46.8.210.29:445
46.8.210.31:445
46.8.210.57:445
46.8.210.86:445
46.8.210.91:445
5.34.182.123:443
5.42.199.38:443
62.173.138.159:443
62.173.138.160:443
62.173.138.161:443
62.173.138.164:445
62.173.138.226:445
62.173.138.228:445
62.173.138.24:445
62.173.138.28:139
62.173.138.28:445
62.173.139.157:443
62.173.139.190:443
62.173.140.128:445
62.173.140.150:443
62.173.140.192:445
62.173.140.236:443
62.173.142.51:443
62.173.145.119:443
62.173.145.52:443
62.173.147.10:445
62.173.147.11:445
62.173.147.13:445
62.173.147.14:445
62.173.147.16:445
62.173.147.34:445
62.173.147.35:445
62.173.147.36:445
62.173.147.37:445
62.173.147.38:445
62.173.149.123:443
62.173.149.58:443
62.3.58.57:443
77.73.131.105:443
77.75.230.49:443
77.91.86.116:443
79.110.52.137:443
79.132.128.116:443
79.132.128.228:443
79.132.128.30:443
79.132.130.171:443
79.132.132.216:443
79.132.134.158:443
79.132.135.249:443
79.133.124.62:443
79.133.180.24:443
79.133.180.66:443
79.133.180.95:443
80.77.23.185:443
80.77.23.77:443
80.77.25.109:443
80.77.25.114:443
85.208.107.19:443
91.107.119.116:443
91.107.119.142:443
91.107.119.172:443
91.203.145.250:443
91.213.50.67:443
91.213.50.69:443
91.215.85.151:443
91.215.85.153:443
91.215.85.164:443
91.215.85.172:443
91.215.85.174:443
91.215.85.193:443
91.215.85.202:443
91.218.114.14:443
91.218.114.27:443
91.241.93.101:443
91.241.93.152:443
91.241.93.192:443
91.242.217.113:443
91.242.217.120:443
91.242.217.71:443
91.242.219.235:443
91.242.219.237:443
91.242.229.120:443
91.245.255.49:443
92.38.169.142:443
94.103.183.153:443
94.247.42.235:443
94.247.42.238:443
95.46.8.157:443
agenzia.bar
agenziaitaliane.bar
apt.updateffboruse.com
autoblogs.bar
blakdkfkfokdkd.live
blog.boxfruitvowel.live
bogoleruno.website
boxfruitvowel.live
bussipod.xyz
caaorunokee.site
capacitare.ctec.com.ar
cogoleruno.site
creuranel.site
darwinwasright.click
doplertool.com
dreuranel.site
dureborufer.store
easytotorial.com
eloderuniok.site
fagorun.website
fargowich.website
fdjjasdoeoriefjd.live
forterbokl.com
gloderuniok.website
gogoleruno.website
graga.pl
grasionulitom.website
grounddoesstart.live
growweedfree.email
hobbis.xyz
hoolohoopfornew.email
inbizintesansanpaolo.com
intermedia.bar
ireuranel.site
longlive.casa
longlive.cyou
lureborufer.store
m.science-club.site
medialines.bar
mureborufer.one
ofdore.xyz
pablobreijo.es
paralikulat.website
ploderuniok.site
pricesin.xyz
pureborufer.one
railwinpopulatein.live
rogoleruno.site
science-club.site
shoutdidthus.live
sitwhose3pretty.live
soderunovos.website
taybhctdyehfhgthp2.xyz
tdsjsext6.com
thyihjtkylhmhnypp2.xyz
tlbcorporation.su
togoleruno.site
top.avyanok.com
tumolerunosell.website
uloderuniok.site
unavas.xyz
updateffboruse.com
vitems.de
vloderuniok.website
win-bestawards-here.life
wlu10www164.webland.ch
wureborufer.one
zereunrtol.website
/agenzia/0818/IptpeV.php
/agenzia/0c77/kUn8cI.php
/agenzia/4a7b/7aKKmd.php
/agenzia/4a7b/XUzDXI.php
/agenzia/7c0f/691GaX.php
/agenzia/ba5a/0pE3Yc.php
/agenzia/cd4a/48UsOE.php
/agenzia/e912/by3g6c.php
/agenzia/e912/f0TgGf.php
/agenzia/edf9/V7vQwM.php

# Reference: https://www.virustotal.com/gui/ip-address/91.213.50.52/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.172/relations
# Reference: https://www.virustotal.com/gui/file/7bed2fb3176716bd5f0a077cf8a670f6dbdf9d90d0091dc40a25f7c7bf4ab038/detection

http://94.140.114.123
centraless.com
mainertin.com
swebbers.com
twinean.com
vipbeed.com

# Reference: https://twitter.com/doc_guard/status/1659551438396178433
# Reference: https://www.virustotal.com/gui/ip-address/194.165.16.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.66.79.104/relations
# Reference: https://tria.ge/230518-rtj29scd96

bastarka.top
moortand.top
somanga.top

# Reference: https://www.virustotal.com/gui/file/008e3c93587f8619c8dac8d6cbb13d607faac7e11aec217c3db130fcece66c18/detection

http://172.86.121.117
iod5tem372udbzu2.onion

# Reference: https://www.virustotal.com/gui/file/317773f3dccd4df7817127a7320bf555a4d3468eede8d10cebdc6e4a8898223c/detection

185.77.128.246:31780

# Reference: https://www.virustotal.com/gui/ip-address/217.107.34.13/relations
# Reference: https://www.virustotal.com/gui/file/06437798ec9383e2a5ee87a5c4cc1b79fbf2c22420cdf5a546614cc4ad8dcf5c/detection

http://185.158.251.39
http://94.247.42.61
adv-testing.ru
job-lionserver.ru
job-lionserver.site
panel-doruk28.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1678982791705378816
# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.66/relations
# Reference: https://www.virustotal.com/gui/file/9782f11930910c7d24dea71a7a21f40f19623b214cb1848bf9f4d49b858c8379/detection

nikotta.com

# Reference: https://twitter.com/Jane_0sint/status/1679030035225690112
# Reference: https://app.any.run/tasks/f98aa2c5-deae-408a-8e86-530e7961dfb6/

3.82.39.163:1883
44.195.202.69:1883

# Reference: https://www.virustotal.com/gui/file/081aba3ce43d15aba0ae9a2e99429fbfb00565d2b625120db0bf41a520bb2e38/detection

anneburgersfwjs.xyz

# Reference: https://twitter.com/James_inthe_box/status/1684667611148398596
# Reference: https://app.any.run/tasks/d745ae57-9145-4db5-99a5-fb9c3b109353/
# Reference: https://www.virustotal.com/gui/file/05236608f7106a5c0c9702ef2658daa1b03e005eb9a49e98eebd741e6b800793/detection

dybseta.com

# Reference: https://www.virustotal.com/gui/file/2fee2efafceccb300fb1ed90b46e7b63bba45735de2e22ac35eb894fb6bea408/detection

http://63.250.40.40
http://63.250.40.42
glooserok.website
parlaktoria.website

# Reference: https://www.virustotal.com/gui/file/9f1776bc69385287fa16cb5439bfc2da4fe32b5517a865f770bc6c945100dbee/detection

00sw00.3utilities.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1676205911180734464
# Reference: https://twitter.com/reecdeep/status/1661739256220635152
# Reference: https://twitter.com/reecdeep/status/1676525034410483714
# Reference: https://www.virustotal.com/gui/file/0b3d641004b2a730cd86a3131f6ae569e6692c03368dd1ac17f14bfd395e5bcb/detection
# Reference: https://www.virustotal.com/gui/file/f59b112154fa7b5d054be2543b3ece90ba0c1eb828edc2636602368f2213aadc/detection
# Reference: https://www.virustotal.com/gui/file/1a7b58f826c11cea43fb02c7dfab85bae6a131f1fd3c5d4b2ee95910d84bebdb/detection
# Reference: https://www.virustotal.com/gui/file/3533f1769dc26c6ded05790915fd59acdf3a061c4d0a641a8a07622aefc75201/detection
# Reference: https://www.virustotal.com/gui/file/7d0b3f35f4916e7b988b912715e2e02bc49f6603dfa765a51b8662511868c25a/detection
# Reference: https://www.virustotal.com/gui/file/c334bcd8882669968904d0a2c37e72fc11ec35389b13a429a513594c4b9a52b2/detection
# Reference: https://www.virustotal.com/gui/file/6561cb8cc42f0f533f81f203af9f587c8946f6bcab94496325f210a3f6265593/detection

http://109.105.198.129
http://185.82.126.202
avas1t.de
avas1ta.com
balkun.com
delideta.com
exeseria.com
itwicenice.com
njamma.com

# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.164/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.44/relations

dretils.com
epidine.com
freduska.com
provaterta.com
streetfee.com
weseens.com

# Reference: https://twitter.com/g0njxa/status/1681776434635849728

http://185.212.44.76
http://185.212.47.65

# Reference: https://www.virustotal.com/gui/file/2e0f289022b02d1740f9ff0f2b4652967e4944d628e7f709cb48ef817a0e6d6c/detection
# Reference: https://www.virustotal.com/gui/file/5e5722af27fc7ae05a9f9705ce1d680fec5fef27a67019c37e2bd768c8e7c07e/detection

http://45.11.180.178
http://45.11.181.28
http://45.11.182.38
http://45.155.249.220
http://45.155.249.91
http://45.155.250.58
http://79.132.130.230
http://94.247.42.213
cajaminoretino.site
forum4ate.ad.b1ing.com
liset.che3ck.bi1ng.com
lisfwhite.ch2eck.yaheoo.com
listwhfite.check3.yaho1o.com
lyc.l.ly3cos.com
updat4es.yahoo.yah1oo.com
updates.ya3hoo.yah4oo.com
updates.yahoo.yah1oo.com
updates.yahoo.yah4oo.com

# Reference: https://www.virustotal.com/gui/file/74b922e570c011822d87a837b45e4bb4290f192caa38e2d379eba76025004c36/detection

cdn-dwnld.site
cdn-dwnld.store
cdn-prok.site
dwnld-cdn.site
start-up-plus.site

# Reference: https://twitter.com/josh_penny/status/1696816842751254833
# Reference: https://www.virustotal.com/gui/ip-address/5.42.199.70/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.193.181.151/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.45/relations

drivelamba.com
gestorbancasrl.com
gestorbancosrl.com
gestordancosrl.com
gestorebancasrl.com
gestorebancasrl.org
inbizintesasanpaaolo.com
inbizintesasanpaoolo.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1702549880336437536
# Reference: https://www.virustotal.com/gui/file/c0bc6a763d21d8a465a58a288c534e0e0a2aa642d1168ddd7c5ab05f066af676/detection

goamiev.com

# Reference: https://twitter.com/Tac_Mangusta/status/1703716708236570650

http://62.173.145.113
62.173.145.113:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1704024328910610660
# Reference: https://www.virustotal.com/gui/file/cd10d150eef5383972a6c479e1c85f259874828aa33aae2da36b118b4fcc6961/detection

serverlogins.com

# Reference: https://twitter.com/br0pi/status/1703777154943652181

http://62.173.145.164
62.173.145.164:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1706919214588506202

http://146.19.233.250
http://31.41.44.28
http://46.8.19.158
http://62.173.146.12
http://62.173.145.113
http://62.173.145.164
http://62.173.145.210
62.173.146.12:445
62.173.145.113:445
62.173.145.164:445
62.173.145.210:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1707015428713685403

mimemoa.com
netsecurez.com
ntcgo.com
whofoxy.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1707027518199324876

http://94.140.112.19

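# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Gozi_Banker/gozi_c2s_2020_to_2023.txt
# NOTE(review): anrfrm.msn.com below is a subdomain of msn.com; if it is a decoy or connectivity-check entry from a sample config rather than attacker infrastructure, it will raise false positives - confirm before alerting on it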

http://108.61.165.145
http://109.230.199.106
http://176.10.111.45
http://176.10.111.47
http://176.10.111.72
http://176.10.119.229
http://185.14.45.80
http://185.158.248.184
http://185.158.251.26
http://185.189.151.250
http://185.219.220.150
http://194.76.224.234
http://194.76.225.110
http://194.76.225.64
http://194.76.227.187
http://37.120.222.23
http://45.11.180.110
http://45.11.181.117
http://45.11.181.122
http://45.15.157.239
http://45.155.249.170
http://45.155.249.172
http://45.155.249.227
http://45.155.249.229
http://45.155.249.47
http://45.155.249.49
http://45.155.249.94
http://45.155.250.225
http://45.155.250.246
http://45.155.250.55
http://77.91.87.244
http://77.91.87.248
http://78.153.130.9
http://78.138.9.136
http://79.132.128.146
http://79.132.128.151
http://79.132.128.95
http://79.132.129.207
http://79.132.130.234
http://79.132.132.247
http://79.132.135.228
http://79.132.135.249
http://80.77.23.185
http://89.43.107.7
http://91.241.93.101
http://92.38.169.142
http://94.247.42.106
http://94.247.42.124
http://94.247.42.79
3rdpart2.ru
9juuz3mmwxgb97n.xyz
abdicatedhosupporthave.biz
abolishingpowers.su
ad1.wensa.at
adm.cutmedic.com
agenziaent.top
agenziaentr.top
agilkkccduh.com
ahotltkthnhl.com
ahotltkthnhll.ru
alfgoonop.su
alpeniper.su
alpetopgx.su
ameseparationfelworlda.com
andtheirpolitical.org
anrfrm.msn.com
anythingelse924.com
assumeoppothgoverfaprote.biz
assumeoppothgoverfaprote.info
awd.byfaithchurch.org
babidone.top
ballya99.ru
bamukal.top
barbabituarat.com
begoventa.top
bequick58302.com
biinng.cfd
biinng.com
biinng.shop
biinng.world
bijnwwfbm.com
bin1g.com
bismallahhidjab.ru
blog.click-catalog.ru
bnkalirmf.com
bodycsrcubuntu.org
bodyerboubuser.net
bodyerrorsrcerrorscscsol.net
bon11ljgarry.com
bot.wakeandbakealldaylong.com
bretpeoplesupnatandmeas.net
bumbo998.ru
c55wccayla.info
catalog-new.ru
ceredovza.top
checklist.skyfpe.com
ches4enderbioynedr.ru
cheshenets-dom.ru
cheshnyatoday.ru
chespotuoynedr.ru
chiko99.ru
circumestablished.su
colodart.top
comhtorboubu.info
commozo.com
cserhtmlordi.net
csolubuntudial.info
cvelasiren.ru
cvelasiren.su
dantedbkoosov.site
darwikalldkkalsld.xyz
deltamission12.ru
dialcomsrcorig.org
dialerrorbodyorig.org
dialubuntudicom.biz
diersrcerhtmlerhtml.com
dipsitripsikey70.com
dir.biinng.shop
discountmarketgrp2015.eu
ditimbodytimeout.com
diuolirt.at
diwdjndsfnj.ru
dnjcgeppnveyviu.com
dobriytsar.ru
dobriytsar.su
dobroeutro.su
donkixot17.net
donkixot17.ru
duckduckgo1.com
duckduckgo2.com
dukatto03lo.ru
ecosystems492.ru
effectpretendedsho.info
eliousdf.online
energysystems210.ru
ersolcsolerditim.com
f1.pipen.at
fia-secure-connect.ru
filokiyurt.at
fkklqkjgnr.com
fonotarka.ru
foropolios.su
gangabasta67.ru
gazvata.ru
gdglebsoincaluiprada8.ru
gdospotuoyluiprada8.ru
germinf.com
ggllyomi.com
giototad.xyz
gketchupcaluiprada8.ru
go.in100k.at
golang.feel500.at
gpanxkutxgrprgucvk.com
greenenergy322.ru
grekoiuh.at
groakdlaskdnaskd.xyz
gromkiyzvuk.ru
gromkiyzvuk.su
guellyomi.ua
habrahahaha.ru
happalliancesththeir.org
hbritneyyi.com
highnetwork.pw
hisandsuchprov.com
hisandsuchprov.ru
holodnoepivo.su
horoshiyden.ru
horoshiyden.su
htmlorditimeoutsrc.com
huburda.com
iewqncjusia.ru
info.altacom.it
io.laurela.at
islamicpork.ru
itnnuubvifmaintg.com
iwqdjsnvkc.ru
iwqdndomdn.su
janetly741.ru
jdksadlfjksdfnkdsf.xyz
jdsncjxjujdww.ru
juano229.ru
kashainterest.ru
kavkaz-immaat.ru
kfdsljfsdwhg.ru
klounisoronws.xyz
klspotuoyka93hhu8.ru
korichneviyrassvet.ru
korichneviyrassvet.su
kraskinaayd7imus.ru
krepkiystul.ru
krepkiystul.su
krugovayaporuka.ru
krugovayaporuka.su
kslenowvlico9polu.ru
kslepeowvlico93hhu8.ru
lambostretauus.ru
lan.fbbcwoodwardpark.com
lan.hayloindigo.com
lansupports.com
lansystemstat.com
legislaturefrithe.biz
leiklubniittoosih9racker.ru
leikocitoosih9racker.ru
leinwqoa.com
letniydozhd.ru
letniydozhd.su
lgeywijneyke.us
liemuteste.com
llogiin.biinng.com
log.biinng.cfd
loggin.biinng.com
logonn.biinng.com
lolila.net
loogin.biinng.com
lostnetwork.in
lsammietf53.com
lwovlomlipse.com
lwovmietypse.biz
maillito.cfsa.it
massmastaderila.net
matashka.ru
megamasskomunism.biz
megateraflopsperhour.org
mereter.cloud
merrovalt.top
messpotuoyoosd.ru
metrleblonlaoyoosd.ru
metsimsitylaoalld.ru
militarynegl.info
mitotad.xyz
mnvxcjieifad.su
moriyurw368798.ru
murdersknown.biz
musicvideoporntip3s.ru
musicvideoporntips.ru
nan.bocalee.com
neftinetinebudet.net
net7.dns9free.ru
new-run.cc
new-run.pk
news.new-webs.ru
nifredao.com
nogaknoge.ru
nogaknoge.su
nort.calag.at
oafscxumipqicnta.com
okkolitalia.icu
okme4koodj09291.ru
okpoker009291.ru
omni5sol.ru
orhtmlcbodyerrorhtml.net
origbotimeout.net
orightubudialcomdial.biz
origsolerhterrorhtml.org
origstimeoutsoltimeout.biz
orsolerrorboubuntusbody.org
othersandtyrantpeoplebe.info
ourdeclendeavored.ru
p28u70webster.com
p4elauus.ru
pampers-globalworld.ru
perimetradvetixter23.net
perviyclass.su
perviylich.su
perviysneg.ru
perviysneg.su
pinkfloyd-mp3love.ru
pkgmvltcjk.org
ploi7260m71.com
podliyvrag.ru
podliyvrag.su
powersave573.ru
pretendedamericagen.su
promoactionsadvmrktng.net
ptnchmo812.ru
ptnpnh771.ru
puqcgfwgmftravot.com
pushkin-kotero.ru
pvoivuvsemnuvr.com
randomizenr832.com
redwoodmotors.ru
reject4win11.ru
repeseparation.ru
romaya.ru
ror077rox770ytr.com
rozoviyzakat.ru
rozoviyzakat.su
rtsnysrusdtbh.net
rysekjefqxmqwmiwf.com
s4kaloddsjina88a8.ru
salapowersalonenature.ru
samelivessuwifut.net
sandinsd7x6e.ru
sastytinddlod6e.ru
separationusurp.net
serrorbodycombodytimeout.info
serrorhtmlubuhtmler.biz
sferasnderbioyne7r.ru
shumelkamish.ru
shumelkamish.su
siglebis03lo.ru
silniygrom.ru
silniygrom.su
simenshina88a8.ru
sinkopinko423.ru
sinpotikos.com
skyfpe.com
solcomsrccombodycom.info
solerrorboorigdialsrcor.org
sosandhelpconnect.ru
splovishvdia88.ru
spotuoyoliusdd.ru
sqilbafkeu.com
srccombodyorhtml.com
srcerdialtimeout.biz
srcubusrctimeouthtml.info
srffofmukc.com
srfoofmukc.in
sscramblera4.site
sspotuoyobermanoba4.ru
ssrazyyoliusdd.site
sssemenlaoyobermanoba4.site
statesformstthe.info
staticago.com
staticstoday.com
statisticaregger32.com
statisticaup.net
statusline.ru
statuslines.ru
stimeoutbodytimeout.biz
sumarno.top
sup.biinng.world
superstatic.net
supportsstats.com
supportsstats.net
svoona8vdia88.ru
sys.aronzvi.com
sys.fmacconsulting.com
sys.jacentacobb.com
sys.naturallymewraps.com
sysconnections.net
tacreofunsrdeos2.ru
taktponimeuyd7imus.ru
tandem88.ru
techetreka.ru
techetreka.su
temlobasid.site
temnayanoch.ru
temnayanoch.su
temniyles.ru
temniyles.su
teplayavodka.ru
teplayavodka.su
tgyouabyipli.com
thbarbsalariespowers.su
thulligend.com
tihiyshepot.ru
tihiyshepot.su
timbodytimhtml.com
timeforvictory144.ru
timeoutsordierhtmlubuntu.net
timeoutstims.com
tmadecorrespondence.com
tmp1.super-list.ru
tomniyvecher.ru
tomniyvecher.su
truhlyaviypen.ru
truhlyaviypen.su
trusliviyzayac.ru
trusliviyzayac.su
tympedyrra66kos2.ru
ubuhtmlerrorsubuntudial.info
ubuntubocomsrctimeout.com
ubuntuditimeout.org
ubuntudiubuntubo.org
ubuntusrccom.com
ubusolerrorhtmlcbody.net
underbulletkey77.com
unitpores.com
unonghxqvceqhtn.com
unzopedaliohkinkachotero.site
utliycheln.ru
utliycheln.su
uvbhbaxahsia.ru
uvbhbxahsia.com
vdorrisacleo.xyz
velooiisd.club
vendettasoftworld.ru
vertalis.top
vndjtu968488.ru
vundaba.com
wdsasdcas.icu
werfjmqmhpvpfrm.com
whaugirls.ru
xor055rox550ytr.com
ya.aftnoop.at
yivnkrkepnpea.com
yivuiosmjnpea.org
/adwordsdata/dropbox/xxx
/bbr_src/utilites/xxx
/bi1ng212/
/bin1gf12/
/cl001/pktre/
/cl001/pktre/rtyx
/clkx25/
/clkx25/qw5yt/
/clkx25/qw5yt/ftrkp2j
/ftrkp2j/
/get1idm/
/op_xxx/front/xxx
/pktre/rtyx
/qw5yt/
/qw5yt/ftrkp2j
/geodata/version/ip2ext/tcokarvdq.php
/tcokarvdq.php

# Reference: https://www.virustotal.com/gui/file/76ef7c41ceaf9b18dfce82a1d19fe304ddf9bbf6d23947e28a749a0f13544302/detection

cosconsltngfed.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/1707331264850616517

http://94.140.114.21
91.201.65.64:9555

# Reference: https://twitter.com/fr0s7_/status/1707695132177277391
# Reference: https://www.virustotal.com/gui/ip-address/193.33.195.86/detection

http://193.33.195.86
starwebs.site
super-jet.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1709043852898693560

http://62.173.138.114
http://62.173.138.42
http://62.173.138.43
http://62.173.138.45
http://62.173.138.46
http://62.173.146.13
http://62.173.146.20
http://62.173.146.42
http://62.173.146.43
http://62.173.146.45
http://62.173.146.46
62.173.138.114:445
62.173.146.13:445
62.173.146.20:445
62.173.138.42:445
62.173.138.43:445
62.173.138.45:445
62.173.138.46:445
62.173.146.42:445
62.173.146.43:445
62.173.146.45:445
62.173.146.46:445
/Agenzia/client.exe
/scarica/client.exe

# Reference: https://twitter.com/JAMESWT_MHT/status/1709092648647061621

http://185.247.184.139
http://46.8.210.250
http://62.72.33.155

# Reference: https://twitter.com/reecdeep/status/1709916341539320019

communicalink.com

# Reference: https://twitter.com/reecdeep/status/1709866199989837898

http://185.82.127.120
http://62.173.146.64
http://62.173.146.65
http://62.173.146.66
http://62.173.146.67
http://62.173.146.68
62.173.146.64:445
62.173.146.65:445
62.173.146.66:445
62.173.146.67:445
62.173.146.68:445
mifrutty.com
systemcheck.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1710297885122638260

igrovdow.com

# Reference: https://www.virustotal.com/gui/file/8ed783fe30c86760fcb75b7ca7ea978e90f621418785a03e48b5b9e37a837df6/detection

quickdrive.ae/js/JS000082510952000/dll/assistant.php
/js/JS000082510952000/dll/assistant.php
/JS000082510952000/dll/assistant.php

# Reference: https://www.virustotal.com/gui/file/0191114a1ad51d073bd2084d21f70d71f2ae748a790455c4a708915ad7533d2d/detection
# Reference: https://www.virustotal.com/gui/file/9429777dde066253a4514870e610bf296403c4896b8b77238786ab5c6c392458/detection

http://45.142.212.34
45.142.212.34:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1711357394733707592
# Reference: https://twitter.com/abuse_ch/status/1711366671602950487
# Reference: https://urlhaus.abuse.ch/host/hdstatusvideos.com/
# Reference: https://www.virustotal.com/gui/file/3e3fd1b4825df1cf0b4c38324e5afcc95cabb954c0c4fda565cb989a3392a998/detection
# Reference: https://www.virustotal.com/gui/file/9ba1b4b2e831f909487b2efa9605f96f249e6c77b99163abc2598510bfe2d5d2/detection
# Reference: https://www.virustotal.com/gui/file/12f1fa49ce2f2fd19db6147e547a35625c260b2fec2ecf67de89c837990c5d94/detection
# Reference: https://www.virustotal.com/gui/file/ca6fe3037264b087f01f842c1ea16f936ea070a8118d9562e401fd70ee93abcc/detection

http://62.173.145.25
http://62.173.145.70
http://62.173.145.73
http://62.173.145.113
http://62.173.145.164
http://62.173.145.210
62.173.145.25:445
62.173.145.70:445
62.173.145.73:445
62.173.145.113:445
62.173.145.164:445
62.173.145.210:445
iextrawebty.com
maillines.top
hdstatusvideos.com/agenzia/
hdstatusvideos.com/codice/
hdstatusvideos.com/connect/
hdstatusvideos.com/impresa/
hdstatusvideos.com/scarica/

# Reference: https://twitter.com/JAMESWT_MHT/status/1711372722461155346

http://62.173.146.113
http://62.173.146.164
http://62.173.146.210
http://62.173.146.71
http://62.173.146.72
http://62.173.146.73
62.173.146.113:445
62.173.146.164:445
62.173.146.210:445
62.173.146.71:445
62.173.146.72:445
62.173.146.73:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1711667650160382354
# Reference: https://twitter.com/JAMESWT_MHT/status/1711669243182277012
# Reference: https://twitter.com/JAMESWT_MHT/status/1711708843103645808
# Reference: https://app.any.run/tasks/84914c8a-aec8-4696-92f0-4b80d59d3eda/
# Reference: https://app.any.run/tasks/b3fd50a0-c989-4680-8f99-dbdd9d80b06c/

http://154.56.56.167
http://193.203.162.14
http://45.93.139.24
http://62.173.145.36

# Reference: https://twitter.com/Tac_Mangusta/status/1712462898365419973
# Reference: https://twitter.com/reecdeep/status/1712471702574346429
# Reference: https://twitter.com/JAMESWT_MHT/status/1712471707624276459

http://62.173.146.108
http://62.173.146.109
http://62.173.146.110
http://62.173.146.111
http://62.173.146.112
62.173.146.108:445
62.173.146.109:445
62.173.146.110:445
62.173.146.111:445
62.173.146.112:445
fotexion.com
igtiwfhc.page.link
morin-fioul.com/processo/
/scarica/modulo.url

# Reference: https://threatfox.abuse.ch/browse/malware/win.gozi/

http://202.28.69.138
ercyazilim.com/centro/MSvZZEHkNvHEvDBf
sms.essmatrix.in/centro/ZTBkqrBEigSGkg
/centro/BSLiZTnMOCmLs
/centro/MSvZZEHkNvHEvDBf
/centro/ZTBkqrBEigSGkg

# Reference: https://twitter.com/fr0s7_/status/1712721787652321292

qusbec.com

# Reference: https://twitter.com/fr0s7_/status/1715119719429091657
# Reference: https://www.virustotal.com/gui/file/150dc88f9d2da5a2428baaf2d2ccfdedf4089a76b3ea5742c4e4014eca392a03/detection

fqunax.com

# Reference: https://twitter.com/Slvlombardo/status/1713550271446438353

elsrwmqb.page.link
stfyjxwz.page.link

# Reference: https://threatfox.abuse.ch/browse/malware/win.gozi/ (# 2023-10-17)

139.144.212.80:443
154.56.40.58:443
176.10.111.79:443
176.10.111.99:443
185.14.30.10:443
185.14.30.10:8443
185.247.184.139:443
193.203.162.14:443
193.203.163.96:443
222.92.64.208:10443
31.214.157.11:443
45.93.139.24:443
46.17.41.112:443
5.61.37.91:443
83.217.9.90:443
91.212.166.70:443
91.218.114.34:443
91.218.114.34:8443
91.241.93.253:443
95.163.233.114:443
admarseb.click
csmakrjet.pw
expirew.com
fabsolution.net
irconnect.online
t3.irconnect.online
topmoonstart.cloud
vwm.fvds.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.gozi/ (# 2023-10-27)

http://170.130.55.65
http://91.242.217.120
http://94.247.42.100
http://94.247.42.215
glamrgysmanaskdkambibatstezya.space
incontroler.com
onlinepoints.online
onlinepoints.top
rkovkagysmanmasksemyanastezya.adygeya.su
rmonaasgysmankktxubastaezya.live
rrakomaskpgysmancdakirgitushkanchikzya.adygeya.su
rsiskmasgysmankbzfdrosterzya.com
rufgysmanymrmaskbteyryeuliliezya.website
rutichhdaskgysmanoltogorovidsnstezya.space
rzipaurgysmanmaskssmastaezya.abkhazia.su
sramrmaskgysmanproteploszya.space
whofos.com

# Reference: https://gist.github.com/silence-is-best/06d709336bc90faaabe8c36af504b71c

stills.sale
/diu1bh2uidn1ss.php
/ind9010j29d0j2.php
/iudvg12hd21i89.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.gozi/ (# 2023-11-07)

azzoodijdhgdr.com
fertikalossf.com
gagorun.website
gdsgwefewrewr.ru
gqx21mcou.com
hfdhdfgrre.ru
hfdhfdhdfhdfa.ru
markuami.com
methodalapaisdd.com
nfyuabel.com
rwoodrowyioay.com

# Reference: https://app.validin.com/axon?find=80.66.79.0/24&type=ip4
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.87.148.122

allhd.top
balguka.top
banudare.top
barisaxa.top
bonusyar.top
budalixt.top
fingerop.top
mudaxos.top
mukapala.top
musugon.top
palubax.top
playhd.top
seriahd.top
serialhd.top
tombana.top
tomugad.top

# Reference: https://twitter.com/banthisguy9349/status/1736443021585990135
# Reference: https://pastebin.com/Ed0fDmkv

anna.me
apioneiraimoveis.com
app-blnevine.com
arculus.su
beno2.me
delineshippers.com
easmotorsdepot.com
guk.me
harvest.me
jack.me
katar.me
kto.me
nestbankonline.com
nestbankpl.net
oursmartcontrolpanel.com
riga.me
sinapseautomacao.com
tercomterminais.com
unioncentergroup.com
acao2.sinapseautomacao.com
sala2.tercomterminais.com
super2.apioneiraimoveis.com

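# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.174/relations
# NOTE(review): the entries below come from the relations of a single IP address; names that look like postal-service lookalikes (chunghwa-tw-post.com, gr-elta-post.com, hellenic-eltapost.com) suggest co-hosted domains that may belong to other activity - attribution to this family is unconfirmed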

anatums.xyz
annales.xyz
anthus.xyz
boophiluss.com
brochant.info
bruneidesi.com
buckner.info
carpogamy.xyz
chimneys.info
chunghwa-tw-post.com
chunghwapost-tw.com
cryptometer.life
deleons.info
egons.info
flagrance.xyz
flawflower.xyz
fredholms.info
geryoneo.info
gr-elta-post.com
hellenic-eltapost.com
hykitoi.com
julolidin.com
lehi.info
lyjejo.com
mantling.xyz
misbeseeming.xyz
museographer.xyz
octamerous.info
oenotheraceae.com
offertories.xyz
overgreedily.info
paiks.info
percomorphis.xyz
petrovsk.xyz
pierid.info
plusch.xyz
preinviting.info
premethodical.com
respirabilities.com
routinized.info
sdscfff.cyou
semiworks.xyz
sequan.info
spondean.xyz
toxunao.com
tripudiated.xyz
tunnery.xyz
turophile.xyz
tuwutia.com
ultracold.live
undiess.xyz
universoapi.com
vapoloo.com
wehowae.com
zaremskis.xyz
zocypio.com
zurukai.com

# Reference: https://www.virustotal.com/gui/ip-address/80.66.64.199/relations

picassodraw.site

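# Payload (URL paths without a host part)
# NOTE(review): plain names such as /contatti.jpg or /servizi.dll may also occur in unrelated traffic; correlate a hit with a host or IP trail before escalating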

/c0nnect1on.dll
/con3cti0n.dll
/contabilita.dll
/contatti.jpg
/importante.dll
/installazione.dll
/0pz1on1.dll
/0pzional1a.dll
/officina.dll
/opzionalla.dll
/pan0ramic0.jpg
/securezza.dll
/servizi.dll
/statis1c.dll
/f0t0s.jpg
/cook32.rar
/cook64.rar
/grab32.rar
/grab64.rar
/stilak32.rar
/stilak64.rar
/vnc32.rar
/vnc64.rar
/ph0t0.jpg
/p1cture3.jpg
